Setting up AAA Accounting on 3750 Switches

Unanswered Question
Jul 23rd, 2008

I'm trying to set up AAA accounting for all commands executed on all of my switches. We have a TACACs Server running Cisco ACS v3.1. What commands do I need to enter on my switches for it to send accounting messages to my TACACs server?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Wed, 07/23/2008 - 09:45
<font size="2">aaa accounting exec default start-stop group tacacs+</p><p>aaa accounting commands 1 default start-stop group tacacs+</p><p>aaa accounting commands 15 default start-stop group tacacs+</p><p>aaa accounting system default start-stop group tacacs+</p><p> </font>

Hope that helps.

Jagdeep Gambhir Thu, 07/24/2008 - 05:48

Also command accounting logs are stored in Tacacs administration report and not in tacacs accounting report.


Regards,

~JG

javier.bueno Thu, 07/24/2008 - 06:56

Any configuration on ACS ?

After configure this commands, no messages are generated in my ACS, on Tacacs+ Administration ....


Thanks.

Jagdeep Gambhir Thu, 07/24/2008 - 06:59

If you are running acs 4.1.1 then there is a known issue related to command accounting do not show up.


To fix it you need to apply patch 5 ie 4.1.1 patch 5.


Regards,

~JG

Actions

This Discussion