Cisco CCNA (640-553) Security Training: Using the aaa dnis map accounting network Command
In today's article, I'm going to tell you about the Cisco IOS global configuration mode command named aaa dnis map accounting network.
Network administrators (like you) use the aaa dnis map accounting network command to map a Dialed Number Information Service (DNIS) number to a particular AAA server group that will be used for AAA accounting.
Put another way, CCNAs (like you) use the aaa dnis map accounting network command to assign a DNIS number to a specific AAA server group, so that the server group can process accounting requests for users dialing into the network using that DNIS number.
Now, before you can use the command, you must do the following first:
1. Enable AAA on the router
2. Define an AAA server group
3. Enable DNIS mapping
Below is the command's syntax:
aaa dnis map dnis-number accounting network [start-stop | stop-only | none] [broadcast] group groupname
As you can see, the command takes an argument and several keywords; their explanations are below:
dnis-number The argument is the number of the DNIS.
start-stop This (optional) keyword is used to indicate that the defined security server group will send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. (The requested user process begins regardless of whether the start accounting notice was received by the accounting server.)
stop-only This (optional) keyword is used to indicate that the defined security server group will send a stop accounting notice at the end of the requested user process.
none This (optional) keyword is used to indicate that the defined security server group will not send accounting notices.
broadcast This (optional) keyword enables sending accounting records to multiple AAA servers. Accounting records are sent simultaneously to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.
group groupname This keyword uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.
Below is an example of the command being used:
Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#radius-server host 172.30.0.0 acct-port 1646 key ittechtips1
Router(config)#aaa group server radius group1
Router(config-sg-radius)#server 172.30.0.0
Router(config-sg-radius)#exit
Router(config)#aaa dnis map enable
Router(config)#aaa dnis map 8888 accounting network group group1
Router(config)#exit
Router#copy run start
In the above example, we are using the aaa dnis map accounting network command to map the 8888 DNIS number to the RADIUS server group called group1. Server group group1 will use RADIUS server 172.30.0.0 for accounting requests for users dialing in with DNIS 8888.
And, as with most Cisco IOS commands, you can put the word no in front of the command to remove (disable) the configured command, as you see below:
Router(config)#no aaa dnis map dnis-number accounting network
By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.1(1)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the aaa dnis map accounting network command. If you need to learn more, I suggest you visit my website, where you'll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,