Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CISCO IOS How do I configure accounting for local logins?

Hi Guys,

I currently use TACACS+ with ACS to authenticate access to network devices. I also have a local account just in case the ACS servers are unreachable. As it stands now, ACS logs all my TACACS+ sessions. I would like to also log all local logins using the local account.

My probelm is I do not know how to set this up, and also where would i view the logging of these local account logons?

Here is my aaa model

(ignore the dot1x stuff, its for my wired security)

aaa new-model

!

!

aaa authentication login default group tacacs+ enable

aaa authentication dot1x default group radius

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius

aaa accounting exec default start-stop group tacacs+

!

Can anyone help with this?

Thanks,


Randy

5 REPLIES
Silver

CISCO IOS How do I configure accounting for local logins?

Randy,

The AAA accounting feature is only for the T+/Radius servers.

Show logging will show local logins but not much information.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
Community Member

CISCO IOS How do I configure accounting for local logins?

Thanks Ed,

I guess that answers that. I have one more question.

Is there a way to force logging on via TACACS+ unless the TACACS+ servers are not available, then allow local?

Randy

Silver

CISCO IOS How do I configure accounting for local logins?

Randy.

You are already configured for it.

aaa authentication login default group tacacs+ enable

Tacacs+ and then local if T+ is not available.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**


Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
Community Member

CISCO IOS How do I configure accounting for local logins?

Ed,

Thanks again. I thought i was, i just didnt see a command that had the key word "local". But i guess by stating i want T+ to be default, it will try that first, then fail to local?

Thanks again for your help Ed,

Randy

Silver

CISCO IOS How do I configure accounting for local logins?

Randy,

You have "enable" so you will fallback to local enable secret.

If you choose "local" you will fallback to local username and password.

Do mark this post as resolved so other can also benefit when you get time.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
253
Views
0
Helpful
5
Replies
CreatePlease to create content