aaa accounting commands levels

akota · ‎05-11-2006

Hello,

I am confused on aaa accounting. If I wish to account all commands and the levels I have configured are say 5 and 15, do I need to include level 0 in my aaa accounting commands?

premdeep.banga · ‎05-11-2006

Hello,

By default on IOS devices we have three commands distributed over three privilege levels i.e.,

Level 0

Level 1, and

Level 15.

If you explicitly donot change the privilege level of command(s), then only commands that you require to enter in an IOS device to monitor all commands executed over device is:

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

I have defined TACACS+ as the as the accounting server, as it jells best for adminstrative purposes i.e. Shell Command authorization

Let me know if this clarifies your doubt :)

akota · ‎05-11-2006

Ok, I think I understand. So even though I have created a privilege level 5, if I want to make sure ALL commands are accounted for then I still need to include levels 0 and 1, since accounting for level 5 will only catcht the commands explicitly configured for that level. Is this correct?

premdeep.banga · ‎05-11-2006

You got that right. Bulls eye :)

akota · ‎05-11-2006

Great, you solved my problem, thanks!

premdeep.banga · ‎05-12-2006

Please rate it that helped, it encourages me :)