
AAA Accounting Config Help

avilt
Level 3

I have Cisco ACS 3.2 on Windows with Cisco devices (IOS 12.3) configured with authentication. I need to enable accounting. I just need the list of commands (changes) made on the Cisco device. What is the correct authentication command? Below is the present config.

aaa group server tacacs+ tacgrp
 server X.X.X.X
 server Y.Y.Y.Y
!
aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa session-id common
tacacs-server host X.X.X.X
tacacs-server host Y.Y.Y.Y
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXXXXXXXXX
line con 0
line vty 0 4


Jatin Katyal
Cisco Employee

!--- Following commands are for accounting the user's activity,
!--- when user is logged into the device.
aaa accounting exec default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

Hope this helps.

JK

~Jatin

Thank you, it works fine.

Is there any way to get log entries for SNMP access through ACS?

There is no accounting for SNMP.

The show snmp command on the router can tell you how many polls were done.

Example of show snmp output:

Chassis: SCA043004DW
Contact: smotwani
Location: noida
56224160 SNMP packets input
0 Bad SNMP version errors
38 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
268814216 Number of requested variables
112 Number of altered variables
35437579 Get-request PDUs
20781918 Get-next PDUs
24 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
56224122 SNMP packets output
0 Too big errors (Maximum packet size 1500)
15 No such name errors
0 Bad values errors
0 General errors
56219928 Response PDUs
0 Trap PDUs

Also, you can set an access-list permitting any for SNMP and log the access-list; that will have a counter that increments.

There is no such thing as looking in the ACS logs to know how many times SNMP was accessed and by which IP address, for the simple reason that authorization does not apply to SNMP.
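Added example, not part of the original thread: the reply above points to the `show snmp` counters as the way to see SNMP activity, so this Python sketch parses two `show snmp` captures and reports growth in the counters that matter for auditing. The function names, the `WATCH` list and both sample captures are constructed for illustration.

```python
import re

# Counters whose growth between two polls deserves a look (assumed selection).
WATCH = ("Unknown community name",
         "Illegal operation for community name supplied",
         "Set-request PDUs",
         "Number of altered variables")

def parse_show_snmp(text):
    """Return {counter label: value} from `show snmp` output.
    Lines without a leading number (Chassis, Contact, Location) are skipped."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+?)\s*(?:\(.*\))?\s*$", line)
        if m:
            counters[m.group(2)] = int(m.group(1))
    return counters

def watched_deltas(before_text, after_text):
    """Return {label: growth} for watched counters that increased."""
    before, after = parse_show_snmp(before_text), parse_show_snmp(after_text)
    deltas = {}
    for label in WATCH:
        old, new = before.get(label, 0), after.get(label, 0)
        # Counters restart from zero after a reload; then count the new value.
        grew = new - old if new >= old else new
        if grew > 0:
            deltas[label] = grew
    return deltas

# Constructed sample captures (not taken from a real device).
BEFORE = """Chassis: EXAMPLE0001
38 Unknown community name
0 Illegal operation for community name supplied
112 Number of altered variables
24 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
"""
AFTER = """Chassis: EXAMPLE0001
95 Unknown community name
0 Illegal operation for community name supplied
115 Number of altered variables
26 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
"""

if __name__ == "__main__":
    for label, grew in watched_deltas(BEFORE, AFTER).items():
        print(f"{label}: +{grew} since last capture")
```

A rising "Unknown community name" count indicates polls with a wrong community string, and rising Set-request or altered-variable counts indicate writes; neither identifies the source address, which is what the logged access-list is for.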
