AAA Accounting on router

May 12th, 2007

Hi,


This is simple! I'm missing something. Multiple 2651 routers with Tacacs authentication and authorization configured using 'default' list. That's fine, but want to add accounting.


Add the lines:


aaa accounting exec default start-stop group tacacs


aaa accounting commands 15 default start-stop group tacacs.


No logs are showing in ACS? The report is configured. I can get accounting for logging in via telnet but no commands. Show priv shows level 15?


Any ideas?


Thanks!


Andy

royalblues Sat, 05/12/2007 - 07:18

Andy,


You need to add the accounting configuration under the vty lines:


line vty 0 4
 accounting connection default
 accounting commands 1 default
 accounting commands 15 default
 accounting exec default


HTH, rate if it does

Narayan

andrew100 Sun, 05/13/2007 - 03:09

Hi Narayan,


Still no good, I'm afraid - no accounting logs at all, even when I add the commands.


Strange!


Andy

royalblues Sun, 05/13/2007 - 05:05

Andy,


As Gambhir has posted, the accounting logs are actually seen on the tacacs administration page.


Can you post the relevant configs?


Narayan

andrew100 Mon, 05/14/2007 - 02:04

Hi Narayan,


Yeah, there is nothing under the TACACS administration page, it's blank. I only get accounting logs under TACACS accounting for the stop start. Under administration, where I expect to get the logs for the commands at level 15 entered, there is nothing. All the logs are 'on' under 'system logging'.


Quite confusing considering there isn't much to get wrong!


Thanks for your help (oh, the config is the lines posted at the start of this thread, that's it :-)). Nothing appears under the vty line as I am using default method list....

Jagdeep Gambhir Mon, 05/14/2007 - 11:30

Andy,

Are you by any chance using ACS 4.1?



Regards,

andrew100 Tue, 05/15/2007 - 00:07

Hi,


I am, yes! Have I missed something in the config for 4.1?


I was going to put my config on etc later today...


Thanks :-)


Andy


Jagdeep Gambhir Tue, 05/15/2007 - 04:31

Andy,

This is a known issue with 4.1. Please download the patch from the link below and install it on the ACS server (ACS Windows).


http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name: ACS 4.1.1.23.4 accumulative patch


Steps to install and release notes for this patch are available in the readme file "Acs-4.1.1.23.4-Readme.txt".

For the ACS appliance, use this link:

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des



That should fix the issue :-)



Regards

Jagdeep

andrew100 Tue, 05/15/2007 - 05:40

Brilliant,


I'll try it right away...


Thanks for your help and I'll let you know!


Andy

Jagdeep Gambhir Sat, 05/12/2007 - 07:41

Andy,

Config looks good. You must be getting logs in the TACACS administration reports. Please check, it should be there ;-)



Regards

mbroberson1 Mon, 05/14/2007 - 07:36

Andy,


Add all these lines to see what happens.


aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+


Make sure your TACACS+ server IP address and keys are correct and that there are no invisible spaces after the key. Also, some older versions of IOS don't support an encrypted TACACS+ server key; you may try putting in the password in the clear.


Hope this helps,


Brandon
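The router-side checks raised in this thread (command accounting per privilege level, default versus named method lists on the vty lines, and stray whitespace after the TACACS+ key) can be run offline against a saved running-config. The following is an added example, not code from any participant or from Cisco; the function name `audit`, the sample config and the key value are constructed, and it assumes the `aaa accounting commands <level> <list> ...` form shown in the posts above.

```python
import re

# Constructed sample running-config (not from the thread). Built line by line
# so the trailing space after the key stays visible.
SAMPLE_CONFIG = "\n".join([
    "aaa new-model",
    "aaa accounting exec default start-stop group tacacs+",
    "aaa accounting commands 15 default start-stop group tacacs+",
    "aaa accounting commands 1 MGMT start-stop group tacacs+",
    "tacacs-server host 192.0.2.10",
    "tacacs-server key ExampleKey ",   # constructed key with a trailing space
    "line vty 0 4",
    " accounting commands 15 default",
])

GLOBAL_RE = re.compile(r"^aaa accounting commands (\d+) (\S+) ")
LINE_RE = re.compile(r"^\s+accounting commands (\d+) (\S+)")
KEY_RE = re.compile(r"^tacacs-server (?:.* )?key (.*)$")

def audit(config, want_levels=(0, 1, 15)):
    """Return a list of findings about command accounting in an IOS config."""
    findings = []
    defined = {}     # privilege level -> method-list names defined globally
    applied = set()  # (level, list name) pairs applied under a line
    for raw in config.splitlines():
        if m := GLOBAL_RE.match(raw):
            defined.setdefault(int(m.group(1)), set()).add(m.group(2))
        elif m := LINE_RE.match(raw):
            applied.add((int(m.group(1)), m.group(2)))
        elif (m := KEY_RE.match(raw)) and m.group(1) != m.group(1).rstrip():
            findings.append("tacacs-server key ends with whitespace")
    for level in want_levels:
        if level not in defined:
            findings.append(f"no command accounting for privilege level {level}")
    # 'default' applies to every line; a named list only where it is applied.
    for level, names in sorted(defined.items()):
        for name in sorted(names - {"default"}):
            if (level, name) not in applied:
                findings.append(f"list {name} (level {level}) not applied to a line")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A clean result from this check only rules out the router-side causes; it says nothing about whether the accounting server records what it receives.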
