Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
651
Views
0
Helpful
5
Replies

Radius

jigz.bagsicjr
Level 1
Level 1

‎05-24-2007 08:59 AM - edited ‎03-10-2019 03:10 PM

Hi, i would like to know if there is a way to account the commands entered by certain profile log-in to the router/switch using MS IAS method? Currently i'm using IAS radius server from my switches and routers. And i'm having problem in doing an accounting of commands.

Thanks!

Labels:
0 Helpful
5 Replies 5

palomoj
Level 1
Level 1

‎05-24-2007 09:22 AM

Actually, I just reviewed the IAS capabilities and you should be able to do accounting. Do you have accounting logging enabled on the IAS server? Do you also have the appropriate AAA accounting commands implemented. Please post your AAA accounting related commands.

Thanks.

0 Helpful

jigz.bagsicjr
Level 1
Level 1
In response to palomoj

‎05-24-2007 09:27 AM

i see, just last question. Is there any unix/linux based application that can support this accounting of commands aside from Cisco ACS?

0 Helpful

jigz.bagsicjr
Level 1
Level 1
In response to palomoj

‎06-09-2007 02:28 AM

Not sure, are you talking on the "Remote Acces Logging"? If so, i used the default Local file logs from the IAS server.

Below are my commands.

aaa new-model

aaa authentication login default group radius line

aaa authentication login radius_localcon local-case

aaa authorization exec default group radius if-authenticated

aaa authorization network default group radius

aaa accounting network default start-stop group radius

aaa accounting system default start-stop group radius

radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646

radius-server source-ports 1645-1646

radius-server key 7 xxxxxxxxxxx

Please feel free to suggest on how i could implement accounting with repsect to the commands that has been entered by the admin users logged-in from my routers/switches using the IAS.

Thanks!

0 Helpful

Premdeep Banga
Level 7
Level 7

‎05-26-2007 03:53 PM

Hi,

The Cisco Systems implementation of RADIUS does not support command accounting.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm#wp1001268

Regards,

Prem

0 Helpful

srue
Level 7
Level 7
In response to Premdeep Banga

‎05-30-2007 06:01 AM

Prem is correct. All radius can do in Cisco is send the start and stop bits...no command accounting anyway. try tacacs+. (of course IAS doesn't support this).

0 Helpful
Customers Also Viewed These Support Documents