Tracking the executed commands

Unanswered Question
Jul 13th, 2007

We are using Microsoft IAS Radius server for authentication to a large number of Cisco routers in our organization. Is it possible to log the commands that are entered on routers (Whether console or telnet session) for audit purposes? If so, is there a document on how to do implement it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
parmsing Fri, 07/13/2007 - 09:28


That is very much possible but I am not sure if IAS logging supports it. Here are the commands we need to configure on IOS devcie.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+/Radius

aaa accounting commands 1 default start-stop group tacacs+/Radius

aaa accounting commands 15 default start-stop group tacacs+/Radius



Premdeep Banga Fri, 07/13/2007 - 09:31

Unfortunately its not possible using IAS, as it only supports Radius protocol.

And you are looking for is covered under TACACS+ protocol (Cisco ACS)



parmsing Fri, 07/13/2007 - 11:28


My apologies for the incorrect information, I recreated this issue and Prem is correct, we cannot configure radius accounting for the commands. Tacacs is the only option available for the command accounting.



Richard Burts Sat, 07/14/2007 - 09:31


This is a very neat feature that I was not aware of. I believe it deserves the 5 rating that I gave it.



Neno Spasov Wed, 07/10/2013 - 16:13

The link no longer seems to be valid. What is the neat/good feature that you guys are talking about ??


This Discussion