TACACS+ Administration Report - Reason column?

Unanswered Question
Feb 22nd, 2008

On the TACACS+ Administration Report, there is a reason column. Does anyone know how I would use this?

I'm looking for a solution to this problem. We have multiple scripts that log into our routers for various reasons. Instead of having to create 7 different username/password combinations so I can see when each script is logging into the router (and what it is doing), I was hoping to be able to pass a string that would identify this function and only use one username. Not sure if this is possible. Any other suggestions appreciated.

darpotter Fri, 02/29/2008 - 09:24

The "reason" column gets filled in when logins/cmds are filtered by NARs. It would tell you which NAR caused the login to be rejected.

On the ACS side you could add a custom command whose authorisation would get logged in the T+ admin logs. Only issue is what IOS would do with the unknown command?

A kludge might be to add "ping " into the script?? I'm sure there's a better way!

In my time at Cisco I often asked why there wasn't better change management built into IOS so that, for example, you could enter some reference into IOS when you enable, and have that value included in each command authorisation. Seemed really simple and useful to me!

Darran
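
The marker-command idea in the reply above can be paired with a small parser over the exported TACACS+ Administration log, so each command run under the shared username is attributed to the script that announced itself. This is an added example, not part of the original thread or of any Cisco tooling; the CSV column names, the `netscript` account and the `ping script-<name>` marker format are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows; column names are assumed, match them to your export.
SAMPLE_CSV = """Date,Time,User-Name,NAS-IP-Address,cmd
02/29/2008,09:00:01,netscript,10.0.0.1,ping script-backup
02/29/2008,09:00:02,netscript,10.0.0.1,show running-config
02/29/2008,09:00:05,netscript,10.0.0.2,show version
02/29/2008,09:01:10,netscript,10.0.0.1,ping script-aclpush
02/29/2008,09:01:11,netscript,10.0.0.1,configure terminal
02/29/2008,09:01:12,netscript,10.0.0.1,access-list 10 permit 192.0.2.0 0.0.0.255
"""

# Hypothetical marker convention: each script first issues "ping script-<name>".
MARKER = re.compile(r"^ping\s+script-([A-Za-z0-9_-]+)$")


def attribute_commands(csv_text, shared_user):
    """Map script label -> list of (device, command) for the shared account."""
    current = {}                      # device -> label of the last marker seen
    by_script = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["User-Name"] != shared_user:
            continue
        device = row["NAS-IP-Address"]
        # Tolerate a trailing "<cr>" token if the export includes one.
        cmd = re.sub(r"\s*<cr>$", "", row["cmd"].strip())
        m = MARKER.match(cmd)
        if m:
            current[device] = m.group(1)   # later commands belong to this script
            continue
        # Commands seen before any marker on a device are flagged for review.
        by_script[current.get(device, "UNLABELLED")].append((device, cmd))
    return dict(by_script)


if __name__ == "__main__":
    for script, cmds in attribute_commands(SAMPLE_CSV, "netscript").items():
        print(script)
        for device, cmd in cmds:
            print(f"  {device}  {cmd}")
```

Attribution is per device and sequential, so two scripts logged into the same router at the same time under the one username would interleave and cannot be separated this way.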
