Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS config Problem

I have ACS solution engine, I made a NDG on ACS and add AAA server and AAA client. I also made a user in default group 1. The same user exist

in rotuer local database just on the safe side. But I am not able to see any activitiy in ACS reporting window,

not able to see any logged user in ACS.

The following is the configuration that I did on ACS engine and router

aaa authentication login default group tacacs+ local

aaa authorization exec authorization group tacacs+ local

aaa accounting commands 15 accounting start-stop group tacacs+

username cisco password cisco123

tacacs-server host 172.28.31.132

tacacs-server key <tacacs-shared-key>

ip tacacs source-interface gig 0/1

username cisco password cisco123

3 REPLIES

Re: ACS config Problem

You mean you can authenticate fine but do not see any command accounting ? If that is the case,then pls note that Command accounting logs are stroed in tacacs administration logs.

Also there is a known issue on ver 4.1.1 and we need to apply patch ACS 4.1.1.23.5 to fix the command accounting issue.

Patch for appliance is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

Patch for acs windows is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name : ACS 4.1.1.23.5 accumulative patch

That should fix the issue,

Regards,

~JG

New Member

Re: ACS config Problem

but I am not able to see complete logging of all commands that I am using during the session. I configure the following things on router

aaa new-model

aaa authentication login default group radius local

aaa authorization exec authorization group radius

aaa accounting commands 15 accounting start-stop group radius

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

radius-server host 172.28.31.132

radius-server key waridtel0321

ip radius source-interface gig 0/1

Please tell me how i can see which activities user has performed during the session. detail of command.

Can i use tacacs for authentication and radius for accounting. I tried it but it didnt work for me.

Please guide I will be very greatful to you.

in Tacacs accounting CSV file, it shows me only login time, user id and service shell, i want to see detail of command that user has used during the session.

I have attached both CSV files that i got when trying with tacacs and radius for accounting.

Re: ACS config Problem

Command accounting is only possible via Tacacs and not radius.

So you need to use tacacs and these logs would be logged in tacacs administration logs.

Regards,

~JG

Do rate helpful posts

120
Views
0
Helpful
3
Replies