07-23-2007 12:14 AM - edited 03-10-2019 03:17 PM
1. I configured accounting on the Cisco devices to the CS ACS, but the commands entered in the devices don't show up in the CS ACS accounting. How can I collect all the commands entered to the devices to be logged to the CS ACS?
2. I am configuring a PIX 525 IOS ver 6.3 for remote access VPN. I want an Xauth so that remote users (who are going to access some Solaris servers through telnet and ssh) will be authenticated through the CS ACS. On the CS ACS, which can I use, the TACACS+ or RADIUS or both? And how?
07-23-2007 07:02 AM
Hi,
1) Did you check the TACACS admin accounting logs? What is the ver of ACS?
2) You can use both, RADIUS or TACACS:
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html#wp1066294
Hope that helps
Regards,
~JG
07-24-2007 04:51 AM
1. Yes, I checked, but what I get is the start and stop times, not the exact commands used. The ACS is ver 3.3.
2. I will try the TACACS+.
07-24-2007 05:08 AM
On which Cisco device have you set up command authorization? Did you use RADIUS or TACACS?
Command author will work only with TACACS.
Kindly rate helpful posts.
Regards,
~JG
07-24-2007 06:43 AM
Normally what I was asking about is the accounting service, just accounting the commands used on the devices.
For example, I have a Cisco 3725 router, IOS ver 12.6.
I set up only authentication and almost all accounting (no authorization) commands on the router. The authentication works fine, the start-stop times work fine, but used commands are not captured.
I use TACACS+.
07-24-2007 11:33 AM
Can you get me the accounting debugs:
debug aaa accounting
Also, are you sure the ACS ver is 3.3?
07-24-2007 11:25 PM
Some debug info:
Jul 25 10:18:23.239: AAA/ACCT(00000012): Accouting method=tacacs+ (tacplus)
Jul 25 10:18:23.243: AAA/ACCT/CMD(00000012): STOP protocol reply PASS
Jul 25 10:18:23.243: AAA/ACCT/CMD(00000012): Cleaning up from Callback osr 0
Jul 25 10:18:23.243: AAA/ACCT/CMD(00000012) Record not present
Jul 25 10:18:23.243: AAA/ACCT/CMD(00000012) reccnt 2, csr FALSE, osr 0
Jul 25 10:18:27.275: AAA/ACCT/243(00000012): Pick method list 'default'
Jul 25 10:18:27.275: AAA/ACCT/SETMLIST(00000012): Handle 0, mlist 637D82C8, Name default
Jul 25 10:18:27.275: Getting session id for CMD(00000012) : db=63A92BA4
Jul 25 10:18:27.275: AAA/ACCT/CMD(00000012): add, count 3
Jul 25 10:18:27.275: AAA/ACCT/EVENT/(00000012): COMMAND
Jul 25 10:18:27.275: AAA/ACCT/CMD(00000012): Queueing record is COMMAND osr 1
Jul 25 10:18:27.275: AAA/ACCT/CMD(00000012): free_rec, count 2
Jul 25 10:18:27.275: AAA/ACCT/CMD(00000012): Setting session id 284 : db=63A92BA4
Jul 25 10:18:27.279: AAA/ACCT(00000012): Accouting method=tacacs+ (tacplus)
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012): STOP protocol reply PASS
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012): Cleaning up from Callback osr 0
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012) Record not present
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012) reccnt 2, csr FALSE, osr 0exit
The ACS ver is 3.3.
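An added example, not part of any post in this thread: a small Python parser for `debug aaa accounting` output like the lines above, which counts per AAA session how many COMMAND records the router queued and how the accounting server replied. The function names and the rule "each queued COMMAND record should be matched by a PASS reply" are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the debug output posted in the thread.
SAMPLE = """\
Jul 25 10:18:27.275: AAA/ACCT/EVENT/(00000012): COMMAND
Jul 25 10:18:27.275: AAA/ACCT/CMD(00000012): Queueing record is COMMAND osr 1
Jul 25 10:18:27.279: AAA/ACCT(00000012): Accouting method=tacacs+ (tacplus)
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012): STOP protocol reply PASS
Jul 25 10:18:27.283: AAA/ACCT/CMD(00000012) Record not present
"""

# Matches AAA/ACCT, AAA/ACCT/CMD, AAA/ACCT/EVENT/ ... followed by (session id).
LINE = re.compile(r"AAA/ACCT[/\w]*\((?P<sid>[0-9A-Fa-f]+)\):?\s*(?P<msg>.*)")

def summarize(text):
    """Return {session_id: {"queued", "methods", "replies"}} from debug text."""
    sessions = defaultdict(
        lambda: {"queued": 0, "methods": set(), "replies": defaultdict(int)})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an AAA accounting debug line
        s, msg = sessions[m["sid"]], m["msg"]
        if msg.startswith("Queueing record is COMMAND"):
            s["queued"] += 1                      # router queued a command record
        elif (meth := re.search(r"method=(\S+)", msg)):
            s["methods"].add(meth[1])             # accounting method in use
        elif (rep := re.search(r"protocol reply (\w+)", msg)):
            s["replies"][rep[1]] += 1             # server's answer to the record
    return sessions

def unacknowledged(sessions):
    """Session ids with more queued COMMAND records than PASS replies."""
    return [sid for sid, s in sessions.items()
            if s["queued"] > s["replies"]["PASS"]]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for sid, s in result.items():
        print(sid, s["queued"], sorted(s["methods"]), dict(s["replies"]))
    print("unacknowledged:", unacknowledged(result))
```

On the sample lines it reports one queued COMMAND record, method `tacacs+`, and one PASS reply for session 00000012.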