Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ACS SE TACACS+ Accounting fails

Hello,

I am running Cisco ACS SE 4.1.23.5. My problem is that the ACS doesn't log accounting from remote switches. I have configured the following accounting commands:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

When I enable aaa accounting debugging, I get the following logs on the switch;

001091: Sep 12 12:06:06.464 BST: AAA/ACCT: user johndoe, acct type 3 (2684940942): Method=tacacs+ (tacacs+)

001092: Sep 12 12:06:06.665 BST: TAC+: (2684940942): received acct response status = SUCCESS

001093: Sep 12 12:06:11.128 BST: AAA/ACCT/CMD: User johndoe, Port tty2, Priv 15:

"show running-config <cr>"

001094: Sep 12 12:06:11.128 BST: AAA/ACCT/CMD: Found list "default"

001095: Sep 12 12:06:11.346 BST: AAA/ACCT: user johndoe, acct type 3 (1583033889): Method=tacacs+ (tacacs+)

001096: Sep 12 12:06:12.000 BST: TAC+: (1583033889): received acct response status = SUCCESS

001097: Sep 12 12:08:16.303 BST: AAA/ACCT/CMD: User johndoe, Port tty2, Priv 15:

"configure terminal <cr>"

001098: Sep 12 12:08:16.303 BST: AAA/ACCT/CMD: Found list "default"

001099: Sep 12 12:08:16.303 BST: AAA/ACCT: user johndoe, acct type 3 (1098049616): Method=tacacs+ (tacacs+)

001100: Sep 12 12:08:16.504 BST: TAC+: (1098049616): received acct response status = SUCCESS

001101: Sep 12 12:08:29.884 BST: AAA/ACCT/CMD: User johndoe, Port tty2, Priv 15:

It seems the switch is getting a response but the ACS doesn't log it. I have upgraded the ACS to the latest patch (4.1.23.5) which is supposed to resolve this known bug.

Is there something I am missing?

Thanks.

Edd

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cisco ACS SE TACACS+ Accounting fails

And what do u get in Tacacs Administration logs?

Regards,

Prem

7 REPLIES

Re: Cisco ACS SE TACACS+ Accounting fails

Ed,

I would suggest you to rollback patch from console and apply it again.

It could be that patch is not applied proerply.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/solution_engine/cliap.html#wp1206334

Regards,

~JG

New Member

Re: Cisco ACS SE TACACS+ Accounting fails

Hi JD,

I have tried to rollback and re-patch the ACS but it still doesn't log accounting commands.

This is the only thing that is logged in TACACS Accounting;

Date Time User-Name Group-Name Caller-Id Acct-Flags elapsed_time service bytes_in bytes_out paks_in paks_out task_id addr NAS-Portname NAS-IP-Address cmd

12/09/2007 17:17:53 johndoe IT NET ADMINS 10.1.0.60 stop 612 shell .. .. .. .. 64 .. tty1 10.1.1.3 ..

12/09/2007 17:07:42 johndoe IT NET ADMINS 10.1.0.60 start .. shell .. .. .. .. 64 .. tty1 10.1.1.3 ..

??

Re: Cisco ACS SE TACACS+ Accounting fails

And what do u get in Tacacs Administration logs?

Regards,

Prem

Re: Cisco ACS SE TACACS+ Accounting fails

As prem said, you will get command accounting logs in tacacs administration logs.

Regards,

~JG

New Member

Re: Cisco ACS SE TACACS+ Accounting fails

Hi Prem,

All along I have been looking in the wrong section. From the time I applied the patch, accounting has been logged in the Tacacs+ Administration section. The link "Tacacs+ Accounting" is a bit mis-leading.

Thanks.

New Member

Re: Cisco ACS SE TACACS+ Accounting fails

we are running Cisco Secure ACS Windows ver 4.1 and not seeing commands in the accounting. What version should we upgrade to fix this issue. if an upgrade will fix the issue.

Re: Cisco ACS SE TACACS+ Accounting fails

upgrade to version 4.1.4

OR

Apply the patch to fix the issue,

ACS SE:

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

- applACS-4.1.1.23.5.zip

- applACS-4.1.1.23.5.txt

ACS for windows:

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.1.23.5-SW.zip

- Acs-4.1.1.23.5-Readme.txt

Regards,

Prem

268
Views
10
Helpful
7
Replies