Hi -
I just started using ACS. I wasn't part of the set up so and there isn't
anyone I can ask about this. I have couple of questions which are
probably pretty simple but I don't see the answers in the docs.
My config is this:
username blah password blahblah
aaa new-model
aaa group server tacacs+ acs-servername
server x.x.x.x (ip of our acs server)
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting update newinfo
aaa accounting commands 0 default start-stop group taca
aaa accounting commands 15 default start-stop group tac
aaa accounting connection default start-stop group taca
aaa accounting system default start-stop group tacacs+
The first question has to do with the Logged In Users report.
When I look in the reports area, there are a couple of reports
that I think should have data but are empty. Logged-in users
is always empty, even when I'm logged into our AAA test network
device.
The second question has to do with the TACACS+ accounting
and administration reports. The various commands executed
on the network device are showing up in the Admin log, not
Accounting. Is this the way it's supposed to be?
I have 2 accounting command statements. My intention was
to log all 0 level as well as 15 level commands. Is this
the right approach? By using the bottom and top values,
I hoped the commands would be inclusive for the range. Is
that a viable solution?
Also, as you look at the config above, feel free to nit-pick any
inconsistencies you see.
Thanks for your help.
Kim