AAA Accounting on router

Unanswered Question
May 12th, 2007

Hi,

This is simple! I'm missing something. Multiple 2651 routers with Tacacs authentication and authorization configured using 'default' list. thats fine, but want to add accounting.

Add the lines:

aaa accounting exec default start-stop group tacacs

aaa accounting commands 15 default start-stop group tacacs.

No logs are showing in ACS? The report is configured. I can get accounting for logging in via telnet but no commands. Show priv shows level 15?

Any ideas?

thanks!

Andy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
royalblues Sat, 05/12/2007 - 07:18

Andy,

you need to add the accounting configuration under the vty lines

line vty 0 4

accounting connection default

accounting commands 1 default

accounting commands 15 default

accounting exec default

HTH, rate if it does

Narayan

andrew100 Sun, 05/13/2007 - 03:09

Hi Narayan,

Still no good i'm afraid - No accounting logs at all even when i add the commands.

Strange!

Andy

royalblues Sun, 05/13/2007 - 05:05

Andy,

As Gambhir has posted, the accounting logs are actually seen on the tacacs administration page.

can you post the relevant configs

Narayan

andrew100 Mon, 05/14/2007 - 02:04

Hi Narayan,

Yeah there is nothing under the TACACS administration page, it's blank. I only get accounting logs under TACACS accounting for the stop start. Under administration where i expect to get the logs for the commands at level 15 entered there is nothing. All the logs are 'on' under 'system logging'.

Quite confusing considering there isn't much to get wrong!

Thanks for your help (oh the config is the lines posted at the start of this thread, thats it :-)). Nothing appears under the vty line as i am using default method list....

andrew100 Tue, 05/15/2007 - 00:07

Hi,

I am yes! have I missed something in the config for 4.1?

I was going to put my config on etc later today...

Thanks :-)

Andy

Jagdeep Gambhir Tue, 05/15/2007 - 04:31

Andy ,

This is a known issue with 4.1. Please download patch from below mentioned link and install it on acs server( ACS Windows).

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name: ACS 4.1.1.23.4 accumulative patch

Steps to install and release notes of this patch is available on read me file"Acs-4.1.1.23.4-Readme.txt"

For ACS appliance use this link,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

That should fix the issue :-)

Regards

Jagdeep

andrew100 Tue, 05/15/2007 - 05:40

Brilliant,

I'll try it right away...

Thanks for your help and i'll let you know!

Andy

Jagdeep Gambhir Sat, 05/12/2007 - 07:41

Andy,

Config looks goood. You must be getting logs in tacacs administration reports, please check, it should be there ;-)

Regards

mbroberson1 Mon, 05/14/2007 - 07:36

Andy,

Add all these lines to see what happens.

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

MAKE Sure you tacacs+ server ip address and keys are correct and that there are no invisible spaces after the key. Also some older versions of IOS don't support an encrypted tacacs+ server key, you may try putting in ths password in the clear.

Hope this helps,

Brandon

Actions

This Discussion