08-21-2013 07:04 AM - edited 03-10-2019 08:48 PM
Hi Cisco Support community,
I am facing a issue with radius accounting in Cisco 3750 switch with version 12.2. I am unable to start accounting for radius server.
This is the config that is on the switch for Radius.
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec my-authradius group radius if-authenticated.
radius-server attribute 6 on-for-login-auth
radius-server dead-criteria time 20 tries 5
radius-server host 10.100.1.225 auth-port 1645 acct-port 1646 key 7 14341A5801103F3904266021
radius-server host 10.100.1.226 auth-port 1645 acct-port 1646 key 7 05280E5C2C585B1B390B4406
When i try to add the following command for accounting, this is not saving.
(aaa accounting commands 0 default start-stop group radius
aaa accounting commands 1 default start-stop group radius
aaa accounting commands 15 default start-stop group radius)
If i do paste this command one by one after start-stop group it is showing only two options either tacacs+ or server, no radius option is there as well.
I tried to create a server group and add the radius server in the group. Even then when i am trying to implement the aaa accounting command with the server command it is not showing in show run.
Can anyone please help me with this issue.
08-22-2013 02:52 AM
I think this is normal.
"accounting commands" part works with TACACS+ only.
Try to use "accounting network" instead if that helps.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
08-22-2013 07:45 AM
Amjad,
Help me, please. The configuration works in 3560 (Version 12.2(44)SE5), but not work in 6509 (Version 12.2(50r)SYS2). Do you know why?
Thanks,
Roberto
aaa new-model
aaa group server radius net-manager
server x.x.x.x
exit
aaa authentication login default local
aaa authentication login remote-access group radius
aaa authorization network default local
aaa accounting connection infra start-stop group radius
radius-server host x.x.x.x key xxxxxx
line vty 0 15
accounting connection infra
login authentication remote-access
08-22-2013 07:39 AM
Hi,
thanks for your reply but the thing is that i want to see the command that are being run by a user on this particular device. If i use the network command it will only show me the network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Protocols (NCPs), and AppleTalk Remote Access Protocol (ARAP).
I have read the document from this link and it is stating that we can use command accounting. Below is the link
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html.
Can anyone please tell me if this a version issue because even in version 15.4 i was not seeing the radius option in the end
aaa accounting commands 15 default start-stop group (radius)- in radius place it was showing only Tacacs+ or group.
10-03-2013 01:40 PM
Hello,
Please verify commands with
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide