Custom Search
|
|
Cisco Ccna (640-553) Security Training: Using The Aaa Dnis Map Accounting Network Command
Network administrators (like you) use the “aaa dnis map accounting network” command to map a Dialed Number Information Service (DNIS) number to a particular AAA server group that will be used for AAA accounting. Another way of saying it is, CCNA’s (like you) use the aaa dnis map accounting network” command to assign a DNIS number to a specific AAA server group, so that the server group can process accounting requests for users dialing into the network using a particular DNIS number. Now, before you can use the command, you must do the following first: 1. Enable AAA on the router 2. Define an AAA server group 3. Enable DNIS mapping Below is the command’s syntax: aaa dnis map dnis-number accounting network [start-stop | stop-only | none] [broadcast] group groupname As you can see, the command can use several keywords, below are there explanations: dnis-number – The argument is the number of the DNIS. start-stop – This (optional) keyword is used to indicate that the defined security server group will send a “start accounting” notice at the beginning of a process and a “stop accounting” notice at the end of a process. The “start accounting” record is sent in the background. (The requested user process begins regardless of whether the “start accounting” notice was received by the accounting server.) stop-only – This (optional) keyword is used to indicate that the defined security server group will send a “stop accounting” notice at the end of the requested user process. none – This (optional) keyword is used to indicate that the defined security server group will not send accounting notices. broadcast – This (optional) keyword enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group. group group-name —This keyword uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command. Below is an example of the command being used: Router>enable Router#configure terminal Router(config)#aaa new-model Router(config)#radius-server host 172.30.0.0 acct-port 1646 key ittechtips1 Router(config)#aaa group server radius group1 Router(config-sg-radius)#server 172.30.0.0 Router(config-sg-radius)#exit Router(config)#aaa dnis map enable Router(config)#aaa dnis map 8888 accounting network group group1 Router(config)#exit Router#copy run start In the above example, we are using the “aaa dnis map accounting network” command to map the 8888 DNIS number to the RADIUS server group called group1. Server group group1 will use RADIUS server 172.30.0.0 for accounting requests for users dialing in with DNIS 8888. And, just like mostly all Cisco IOS commands; you can use the word “no” in front of the command to remove (disable) the configured command; like you see below: Router(config)#no aaa dnis map dnis-number accounting network By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.1(1)T or higher. I hope this article was very informative and helped you quickly understand the usage of the aaa dnis map accounting network command. If you need to learn more; I suggest you visit my website, were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques. To your success, Article Directory: http://www.articledashboard.com Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you'll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam. Sign-Up for "100 3 Free Videos" and, also learn more about the new "Cisco CCNA (640-553) Video Accelerated Training Course" at his website. www.ccnaittechtips.com |
|