The accounting feature tracks and maintains a log of every management configuration used to access the switch. This information can be used to generate reports for troubleshooting and auditing purposes. Accounting logs can be stored locally or sent to remote AAA servers. The default maximum size of the accounting log is 250,000 bytes and cannot be changed.
Configuration operations are automatically recorded in the accounting log if they are performed in configuration mode. Additionally, important system events (for example, configuration save and system switchover) are also recorded in the accounting log.
Server Groups
You can specify remote AAA servers for authentication, authorization, and accounting using server groups. A server group is a set of remote AAA servers implementing the same AAA protocol. The purpose of a server group is to provide for failover servers in case a remote AAA server fails to respond. If the first remote server in the group fails to respond, the next remote server in the group is tried until one of the servers sends a response. If all the AAA servers in the server group fail to respond, that server group option is considered a failure. If required, you can specify multiple server groups.
AAA Service Configuration Options
AAA configuration in Cisco MDS 9000 Series Switches is service based. You can have separate AAA configurations for the following services:
Telnet or SSH login (DCNM and Device Manager login)
Console login
iSCSI authentication
FC-SP authentication
Accounting
In general, server group, local, and none are the three options that can be specified for any service in an AAA configuration. Each option is tried in the order specified. If all the options fail, local is tried.
Note
Even if local is not specified as one of the options, it is tried by default if all AAA servers configured for authentication are unreachable. The user has the flexibility to disable this fallback.