Configuring accounting methods for an ISP domain
Configuration prerequisites
Before configuring accounting methods, complete the following tasks:
Determine the access type or service type to be configured. With AAA, you can configure an accounting method for each access type and service type.
Determine whether to configure the default accounting method for all access types or service types. The default accounting method applies to all access users. However, the method has a lower priority than the accounting method that is specified for an access type or service type.
Configuration guidelines
When configuring accounting methods, follow these guidelines:
FTP, SFTP, and SCP users do not support accounting.
Local accounting does not provide statistics for charging. It only counts and controls the number of concurrent users who use the same local user account. The threshold is configured by using the access-limit command.
Configuration procedure
To configure accounting methods for an ISP domain:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter ISP domain view. | domain isp-name | N/A |
3. Specify the default accounting method for all types of users. | accounting default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] } | By default, the accounting method is local. The none keyword is not supported in FIPS mode. |
4. Specify the accounting method for ADVPN users. | accounting advpn { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] } | By default, the default accounting method is used for ADVPN users. The none keyword is not supported in FIPS mode. |
5. Specify the command accounting method. | accounting command hwtacacs-scheme hwtacacs-scheme-name | By default, the default accounting method is used for command accounting. |
6. Specify the accounting method for IPoE users. | accounting ipoe { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] } | By default, the default accounting method is used for IPoE users. The none keyword is not supported in FIPS mode. |
7. Specify the accounting method for LAN users. | accounting lan-access { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] } | By default, the default accounting method is used for LAN users. The none keyword is not supported in FIPS mode. |
8. Specify the accounting method for login users. | accounting login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] } | By default, the default accounting method is used for login users. The none keyword is not supported in FIPS mode. |
9. Specify the accounting method for portal users. | accounting portal { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] } | By default, the default accounting method is used for portal users. The none keyword is not supported in FIPS mode. |
10. Specify the accounting method for PPP users. | accounting ppp { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] | hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] } | By default, the default accounting method is used for PPP users. The none keyword is not supported in FIPS mode. |
11. Configure access control for users who encounter accounting-start failures. | accounting start-fail { offline | online } | By default, the device does not perform actions on users who encounter account-start failures. |
12. Configure access control for users who have failed all their accounting-update attempts. | accounting update-fail { [ max-times max-times ] offline | online } | By default, the device does not perform actions on users who have failed all their accounting-update attempts. |
13. Configure access control for users who have used up their data quotas. | accounting quota-out { offline | online } | By default, the device logs off users who have used up their data quotas. |