Command accounting with ACS

Unanswered Question
Jul 8th, 2009
User Badges:

HOw can I achive command accounting via acs I have configured devices as below but no luck

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa


any idea about it


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Wed, 07/08/2009 - 10:12
User Badges:
  • Red, 2250 points or more

Hi,

Command accounting only works with tacacs and not with radius. Make sure bwaaa is set up as tacacs.



These logs are stored in tacacs administration report, so make sure you are checking the correct head.


Still it is not working then check acs code. Incase it is 4.1.1 then you need to apply patch 5 to fix it.


To download patch for appliance,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des


For windows

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des



Regards,

~JG


Do rate helpful posts



jain.nitin Wed, 07/08/2009 - 10:51
User Badges:

Hi, I am using 4.2 version appliance. I am using tacacs+ u can s below config for your reference

aaa new-model

aaa group server tacacs+ bwaaa

server 10.2.6.1

server 10.2.6.2

ip tacacs source-interface Vlan1111

!

aaa authentication login aaa-list group bwaaa local

aaa authentication enable default group bwaaa enable

aaa authorization exec aaa-list group bwaaa local

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

!

aaa session-id common



tacacs-server host 10.2.6.1 timeout 25

tacacs-server host 10.2.6.2 timeout 25

tacacs-server timeout 25

tacacs-server directed-request

tacacs-server key cisco123


Jagdeep Gambhir Wed, 07/08/2009 - 12:06
User Badges:
  • Red, 2250 points or more

As stated in other post, try it without any method list and get the debugs


debug aaa accounting

debug tacacs


Did you check tacacs administration logs??

jain.nitin Thu, 07/09/2009 - 11:12
User Badges:

HI It worked when I did not use any method list with the default list it works.. I dont understand why it is not working with my defined list...is there any other procedure to define method list..

Actions

This Discussion