Command accounting w/ RADIUS

Unanswered Question
Sep 22nd, 2009

Not having much luck getting this to work and searching the forums here everybody seems to say it is not possible unless TACACS+ is used. Is this still the case? I see the AAA/ACCT/CMD in the debug on the local switch but the RADIUS server never receives the data string except for the authentication entry.

Any way to re-classify the AAA/ACCT/CMDs and send in a syslog trap/log?

Looking for creative solutions here, TACACS+ is not available in this case.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jatin Katyal Tue, 09/22/2009 - 07:42

Hi,

Command accounting only works with tacacs protocol.

It is not supported by radius.

HTH

Regards,

JK

Jagdeep Gambhir Tue, 09/22/2009 - 08:09

Hi,

Unfortunately you can not log any AAA information to syslog.

Now you may ask why IOS CLI allows to configure command accounting via RADIUS when it is not supported. Well, this is indeed an IOS caveat which is described in CSCdp57020 'parser should not show radius as an aaa accounting commands option' and resolved in 12.2 based IOS trains (ref. Bug Toolkit on Cisco.com).

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCdp57020

Regards,

~JG

Do rate helpful posts

Actions

This Discussion