Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

aaa accounting commands levels

Hello,

I am confused on aaa accounting. If I wish to account all commands and the levels I have configured are say 5 and 15, do I need to include level 0 in my aaa accounting commands?

5 REPLIES
New Member

Re: aaa accounting commands levels

Hello,

By default on IOS devices we have three commands distributed over three privilege levels i.e.,

Level 0

Level 1, and

Level 15.

If you explicitly donot change the privilege level of command(s), then only commands that you require to enter in an IOS device to monitor all commands executed over device is:

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

I have defined TACACS+ as the as the accounting server, as it jells best for adminstrative purposes i.e. Shell Command authorization

Let me know if this clarifies your doubt :)

New Member

Re: aaa accounting commands levels

Ok, I think I understand. So even though I have created a privilege level 5, if I want to make sure ALL commands are accounted for then I still need to include levels 0 and 1, since accounting for level 5 will only catcht the commands explicitly configured for that level. Is this correct?

New Member

Re: aaa accounting commands levels

You got that right. Bulls eye :)

New Member

Re: aaa accounting commands levels

Great, you solved my problem, thanks!

New Member

Re: aaa accounting commands levels

Please rate it that helped, it encourages me :)

151
Views
0
Helpful
5
Replies
CreatePlease login to create content