It's not possible to transparently do this. Accounting is based on someone/something entering a username/password and this being sent to an external AAA server.
It's not possible to do this on a switch other than with say, dot1x, but then you need certificates and additional setup on the client and on the ACS server, certainly not transparent.
You could do this on the 2600 router using auth-proxy (http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdauthp.htm), where the user browses out to the Internet, and the router intercepts this and prompts the user for a username/password. After entering one they're allowed out to the Internet, and you can simply configure accounting to go along with it. It's still not transparent, but you're not going to be able to be transparent and still do accounting.