Unanswered Question
May 24th, 2007

Hi, I would like to know if there is a way to account for the commands entered by a certain profile logged in to the router/switch using the MS IAS method? Currently I'm using an IAS RADIUS server from my switches and routers, and I'm having a problem doing accounting of commands.


palomoj@saccourt.com Thu, 05/24/2007 - 09:22

Actually, I just reviewed the IAS capabilities and you should be able to do accounting. Do you have accounting logging enabled on the IAS server? Do you also have the appropriate AAA accounting commands implemented? Please post your AAA accounting related commands.


jigz.bagsicjr Thu, 05/24/2007 - 09:27

I see, just one last question. Is there any Unix/Linux-based application that can support this accounting of commands aside from Cisco ACS?

jigz.bagsicjr Sat, 06/09/2007 - 02:28

Not sure, are you talking about the "Remote Access Logging"? If so, I used the default local file logs from the IAS server.

Below are my commands.

aaa new-model
aaa authentication login default group radius line
aaa authentication login radius_localcon local-case
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 xxxxxxxxxxx

Please feel free to suggest how I could implement accounting with respect to the commands that have been entered by the admin users logged in to my routers/switches using the IAS.


srue Wed, 05/30/2007 - 06:01

Prem is correct. All RADIUS can do in Cisco is send the start and stop bits...no command accounting anyway. Try TACACS+. (Of course, IAS doesn't support this.)
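
An added example (not from any poster in this thread) of the IOS lines that enable per-command accounting over TACACS+, as the reply above suggests, alongside the existing RADIUS login setup. The server address 192.0.2.10, the `<shared-secret>` key and the choice of privilege levels 1 and 15 are assumptions.

```cisco
! Added example: placeholders only, adjust to your environment.
!
! TACACS+ server that will receive the accounting records
! (192.0.2.10 and <shared-secret> are placeholders).
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! RADIUS (IAS) can stay in place for login authentication and exec
! authorization, exactly as in the configuration posted above.
!
! Exec session start/stop records, so each command can be tied to a login.
aaa accounting exec default start-stop group tacacs+
!
! One record per command entered at each privilege level.
! Any custom privilege level in use needs its own line.
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```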

