Problems with accounting on FWSM

Feb 7th, 2010

Hello

I configured AAA on the FWSM. It works great except for the accounting for telnet and ssh. This is my configuration:

aaa-server tacacs+ protocol tacacs+
aaa-server tacacs+ (inside) host xxxxxxx
key xxxxxxxxxx
aaa-server tacacs+ (inside) host xxxxxxxx
key xxxxxxxxxxxxx
aaa authentication telnet console tacacs+ LOCAL
aaa authentication ssh console tacacs+ LOCAL
aaa authentication enable console tacacs+ LOCAL
aaa accounting telnet console tacacs+
aaa accounting ssh console tacacs+

I am using ACS 4.1. With this config I expect to see a report in Report activities -> TACACS+ Accounting when I log in to the CLI by telnet or ssh. Is that right, or am I wrong?

Can you please help me find where my mistake is?

Thank you in advance.

Best regards Antonello.

Ganesh Hariharan Sun, 02/07/2010 - 06:24

Hi Antonello,

The configuration is OK. Login reports for any configured device in ACS will be shown in Passed Authentications as successful authentications, and in TACACS+ Accounting only the start and stop of the session for your authentication will be given, with the session ID.

Hope to help

Ganesh.H

antonello.moneta Mon, 02/08/2010 - 00:21

Dear Ganesh and Farrukh, thank you a lot for your help.

What you said, Ganesh, is exactly what I expect to see. But when I log in to the device I see a Passed Authentication report but nothing in TACACS Accounting. I also tried configuring command accounting, and it was working great: I could find reports of the commands I typed in TACACS Administration. Anyway, for the other devices (routers and switches) TACACS Accounting is working.

I also don't think it is the bug which Farrukh sent, because that is about TACACS Administration logs.

In your experience, how can I check if the info is received from ACS? I mean, is there something like a debug command in ACS? Using debug aaa accounting I see that the FWSM is sending info to ACS.

Any other tips and ideas are welcome.

Thank you really much,

Best regards Antonello.

Jagdeep Gambhir Mon, 02/08/2010 - 08:20

Hi An,

If accounting is working for routers and switches, then it doesn't look like an ACS issue. Run debugs on the FWSM:

debug tacacs
debug aaa authentication
debug aaa accounting

Now check if it is sending accounting packets.

Regards,

~JG


Do rate helpful posts

antonello.moneta Wed, 02/10/2010 - 08:30

Hi JG,

thanks for your answer.

I already tried

here the result:

XXXXXXXX/admin# debug aaa accounting
XXXXXXXX/admin# start accounting for user: userX, session id: 549453844
stop accounting for user: amoneta, session id: 549453844

I am confused, because everything seems to work great except that I cannot get the ACS accounting reports.

Thanks a lot for your help.

Best Regards An(I like the way you call me).
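
To answer the "is the device sending, and is the server logging" question systematically, the following added example (not code from this thread or from Cisco) pairs the start/stop lines of `debug aaa accounting` output by session id and checks them against the server's accounting records. The CSV export with columns `user`, `flag` and `session_id` is a hypothetical format, the example assumes the server records the device's session id, and the sample data is constructed.

```python
import csv
import io
import re

# Device-side lines in the format of the `debug aaa accounting` output quoted above.
DEBUG_RE = re.compile(
    r"(?P<flag>start|stop) accounting for user: (?P<user>[^,]+), session id: (?P<sid>\d+)")

def parse_device_debug(text):
    """Return {session_id: {"start": user, "stop": user}} from debug output."""
    sessions = {}
    for m in DEBUG_RE.finditer(text):
        sessions.setdefault(m["sid"], {})[m["flag"]] = m["user"].strip()
    return sessions

def parse_server_export(csv_text):
    """Return the (session_id, flag) pairs in the server export (hypothetical columns)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {(r["session_id"].strip(), r["flag"].strip().lower()) for r in rows}

def reconcile(debug_text, csv_text):
    """List (session_id, problem) findings from comparing device and server views."""
    seen = parse_server_export(csv_text)
    findings = []
    for sid, flags in sorted(parse_device_debug(debug_text).items()):
        for flag in ("start", "stop"):
            if flag not in flags:
                findings.append((sid, f"no {flag} sent by device"))
            elif (sid, flag) not in seen:
                findings.append((sid, f"{flag} sent but not logged by server"))
        if len(set(flags.values())) > 1:
            findings.append((sid, "user differs between start and stop"))
    return findings

# Constructed sample data (not taken from the thread).
SAMPLE_DEBUG = """\
fw/admin# start accounting for user: alice, session id: 1001
stop accounting for user: alice, session id: 1001
start accounting for user: bob, session id: 1002
"""
SAMPLE_EXPORT = """\
user,flag,session_id
alice,start,1001
"""

if __name__ == "__main__":
    for sid, problem in reconcile(SAMPLE_DEBUG, SAMPLE_EXPORT):
        print(sid, problem)
```

A finding of "sent but not logged by server" for every session points at the path between the device and the server's accounting log, while "no stop sent by device" points at the device side.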

Eli Barb Wed, 12/15/2010 - 14:22

Have you applied the 'aaa accounting command [tacacs+-server-tag]' command to your configuration?

To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode. To disable support for command accounting, use the no form of this command.

Eli
