Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1633
Views
4
Helpful
4
Replies

AAA Radius accounting command is not taking in 3750 switch

aritra.sunny
Level 1
Level 1

‎08-21-2013 07:04 AM - edited ‎03-10-2019 08:48 PM

       Hi Cisco Support community,

I am facing a issue with radius accounting in Cisco 3750 switch with version 12.2. I am unable to start accounting for radius server.

This is the config that is on the switch for Radius.

aaa authentication login default group radius local

aaa authentication dot1x default group radius

aaa authorization exec my-authradius group radius if-authenticated.

radius-server attribute 6 on-for-login-auth

radius-server dead-criteria time 20 tries 5

radius-server host 10.100.1.225 auth-port 1645 acct-port 1646 key 7 14341A5801103F3904266021

radius-server host 10.100.1.226 auth-port 1645 acct-port 1646 key 7 05280E5C2C585B1B390B4406

When i try to add the following command for accounting, this is not saving.

(aaa accounting commands 0 default start-stop group radius

aaa accounting commands 1 default start-stop group radius

aaa accounting commands 15 default start-stop group radius)

If i do paste this command one by one after start-stop group it is showing only two options either tacacs+ or server, no radius option is there as well.

I  tried to create a server group and add the radius server  in the group.  Even then when i am trying to implement the aaa accounting command with the server command it is not showing in show run.

Can anyone please help me with this issue.

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Amjad Abdullah
VIP Alumni
VIP Alumni

‎08-22-2013 02:52 AM

I think this is normal.

"accounting commands" part works with TACACS+ only.

Try to use "accounting network" instead if that helps.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

roberto.redes
Level 1
Level 1
In response to Amjad Abdullah

‎08-22-2013 07:45 AM

Amjad,

Help me, please. The configuration works in 3560 (Version 12.2(44)SE5), but not work in 6509 (Version 12.2(50r)SYS2). Do you know why?

Thanks,

Roberto

aaa new-model

aaa group server radius net-manager
server x.x.x.x
exit
aaa authentication login default local
aaa authentication login remote-access group radius
aaa authorization network default local
aaa accounting connection infra start-stop group radius            

radius-server host x.x.x.x key xxxxxx

line vty 0 15
accounting connection infra
login authentication remote-access

0 Helpful

aritra.sunny
Level 1
Level 1

‎08-22-2013 07:39 AM

Hi,

thanks for your reply but the thing is that  i want to see the command that are being run by a user on  this particular device. If i use the network command it will only show me the  network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Protocols (NCPs), and AppleTalk Remote Access Protocol (ARAP).

I have read the document from this link and it is stating that we can use command accounting. Below is the link

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html

Can anyone please tell me if this a version issue because even in version 15.4 i was not seeing the radius option in the end

aaa accounting commands 15 default start-stop group (radius)- in radius place it was showing only Tacacs+ or group.

0 Helpful
Customers Also Viewed These Support Documents