Disable logging on switch port/TACACS

nygenxny123
Level 1

We are implementing TACACS on our network.

However, we do not want to see when a user Ethernet port goes up or down on the switch.

How would this be implemented?

This is the current tacacs config

aaa new-model

aaa authentication login default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

service timestamps debug date

service timestamps log date

tacacs-server host 192.168.4.23

tacacs-server directed-request

username xxx priv 15 pass xxxx

enable password xxxx

service password-enc

line vty 0 15

privil level 15

line con 0

privil level 15


Collin Clark
VIP Alumni

You'll have to change your logging level (for trap).

RTR-7206VXR(config)#logging trap ?

<0-7> Logging severity level

alerts Immediate action needed (severity=1)

critical Critical conditions (severity=2)

debugging Debugging messages (severity=7)

emergencies System is unusable (severity=0)

errors Error conditions (severity=3)

informational Informational messages (severity=6)

notifications Normal but significant conditions (severity=5)

warnings Warning conditions (severity=4)

What is your current level? I think anything below 6 does not log up/down.

Hope that helps.

Hmm, I think I am at 6.

cat1.nyc4#show log

Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 13629 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 13629 messages logged, xml disabled,

filtering disabled

Exception Logging: size (4096 bytes)

Count and timestamp logging messages: disabled

File logging: disabled

Trap logging: level informational, 13632 message lines logged

I will try your advice. Thanks.

Mark Yeates
Level 7

You could add the following interface command "no logging event link-status" on all your interfaces. This would allow you to keep your logging level and not see lines for each up/down on the switchports.

HTH,

Mark

Nice one Mark, I never knew about that one.

Collin,

I discovered that one a while back and it is a very handy command to have, especially on a port connected to an end user PC. It keeps the logs a lot cleaner that way.

Thanks for the rating!

Mark
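
The two approaches discussed in this thread, modelled on constructed syslog lines (an added example, not part of the original posts): `logging trap <level>` filters every message by severity, while `no logging event link-status` silences only the chosen ports. The interface names, addresses and sample messages are constructed, and the model assumes the interface command drops both %LINK and %LINEPROTO UPDOWN messages for a port.

```python
import re

# Constructed sample messages in Cisco IOS format: %FACILITY-SEVERITY-MNEMONIC: text
SAMPLE_LOG = [
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to down",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/49, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.66]",
    "%SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
]

MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")
IFACE_RE = re.compile(r"Interface ([^,\s]+),")


def parse(line):
    """Split one message into facility, severity, mnemonic and interface (or None)."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    iface = IFACE_RE.search(m.group(4))
    return {"fac": m.group(1), "sev": int(m.group(2)), "mnem": m.group(3),
            "iface": iface.group(1) if iface else None}


def trap_filter(lines, level):
    """Model of 'logging trap <level>': forward messages with severity <= level."""
    parsed = [(line, parse(line)) for line in lines]
    return [line for line, p in parsed if p and p["sev"] <= level]


def interface_filter(lines, quiet_ports, level=6):
    """Model of 'no logging event link-status' on quiet_ports, trap level unchanged.
    Assumption: both LINK and LINEPROTO UPDOWN messages for those ports are dropped."""
    kept = []
    for line in trap_filter(lines, level):
        p = parse(line)
        link_event = p["fac"] in ("LINK", "LINEPROTO") and p["mnem"] == "UPDOWN"
        if not (link_event and p["iface"] in quiet_ports):
            kept.append(line)
    return kept


if __name__ == "__main__":
    for level in (6, 4, 2):
        print("logging trap", level, "->", len(trap_filter(SAMPLE_LOG, level)), "messages")
    for line in interface_filter(SAMPLE_LOG, {"GigabitEthernet1/0/7"}):
        print("kept:", line)
```

In the constructed sample, GigabitEthernet1/0/7 stands for an end-user port and GigabitEthernet1/0/49 for an uplink whose link events stay logged, along with the configuration-change and failed-login messages.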
