I was running ACS 4.0 demo version. Everything was running fine.
After upgrading and keeping the old configuration, I can't see logs in the TACACS+ Administration Reports. I kept the configurations on the router and switch the same, so I believe that the problem resides in the ACS software.
I tested some debug, and it seems that the router is sending the command that is being typed to ACS.
Here is the config I?m using:
tacacs-server host 192.168.X.X key XXXXXXXXXXX
aaa authentication login telnet group tacacs+ enable
aaa authentication login console enable
aaa authentication enable default group tacacs+ enable
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection telnet start-stop group tacacs+
line con 0
authorization exec NO-AUTH
login authentication console
line vty 0 4
authorization exec AUTH
login authentication telnet
aaa authorization exec AUTH group tacacs+ none
aaa authorization config-commands
aaa authorization exec NO-AUTH none
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
This is a known issue, you need to apply patch ACS 184.108.40.206.5 to fix the issue.
Patch for appliance is availble on
Patch name : ACS SE 220.127.116.11.5 accumulative patch
Patch for acs windows is availble on
Patch Name : ACS 18.104.22.168.5 accumulative patch
That should fix the issue,
Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.