Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Command accounting with ACS

HOw can I achive command accounting via acs I have configured devices as below but no luck

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

any idea about it

4 REPLIES

Re: Command accounting with ACS

Hi,

Command accounting only works with tacacs and not with radius. Make sure bwaaa is set up as tacacs.

These logs are stored in tacacs administration report, so make sure you are checking the correct head.

Still it is not working then check acs code. Incase it is 4.1.1 then you need to apply patch 5 to fix it.

To download patch for appliance,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

For windows

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Regards,

~JG

Do rate helpful posts

New Member

Re: Command accounting with ACS

Hi, I am using 4.2 version appliance. I am using tacacs+ u can s below config for your reference

aaa new-model

aaa group server tacacs+ bwaaa

server 10.2.6.1

server 10.2.6.2

ip tacacs source-interface Vlan1111

!

aaa authentication login aaa-list group bwaaa local

aaa authentication enable default group bwaaa enable

aaa authorization exec aaa-list group bwaaa local

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

!

aaa session-id common

tacacs-server host 10.2.6.1 timeout 25

tacacs-server host 10.2.6.2 timeout 25

tacacs-server timeout 25

tacacs-server directed-request

tacacs-server key cisco123

Re: Command accounting with ACS

As stated in other post, try it without any method list and get the debugs

debug aaa accounting

debug tacacs

Did you check tacacs administration logs??

New Member

Re: Command accounting with ACS

HI It worked when I did not use any method list with the default list it works.. I dont understand why it is not working with my defined list...is there any other procedure to define method list..

174
Views
0
Helpful
4
Replies
CreatePlease to create content