Command accounting w/ RADIUS

Unanswered Question
Sep 22nd, 2009
User Badges:

Not having much luck getting this to work and searching the forums here everybody seems to say it is not possible unless TACACS+ is used. Is this still the case? I see the AAA/ACCT/CMD in the debug on the local switch but the RADIUS server never receives the data string except for the authentication entry.


Any way to re-classify the AAA/ACCT/CMDs and send in a syslog trap/log?


Looking for creative solutions here, TACACS+ is not available in this case.


Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jatin Katyal Tue, 09/22/2009 - 07:42
User Badges:
  • Cisco Employee,

Hi,


Command accounting only works with tacacs protocol.


It is not supported by radius.


HTH


Regards,

JK



Jagdeep Gambhir Tue, 09/22/2009 - 08:09
User Badges:
  • Red, 2250 points or more

Hi,

Unfortunately you can not log any AAA information to syslog.


Now you may ask why IOS CLI allows to configure command accounting via RADIUS when it is not supported. Well, this is indeed an IOS caveat which is described in CSCdp57020 'parser should not show radius as an aaa accounting commands option' and resolved in 12.2 based IOS trains (ref. Bug Toolkit on Cisco.com).


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCdp57020



Regards,

~JG


Do rate helpful posts

Actions

This Discussion