
Missing aaa accounting commands

Hi,

I might be being REALLY STUPID, but I am trying to config a 12.3 IOS router to send command accounting records to an ACS 3.3 server via RADIUS.

When I input the 'aaa accounting commands 15 default group radius' command, it is accepted by the router, but show the config, and it's not there. This is the same for all command levels. This router is logging VoIP accounting records too, to the same RADIUS box, without problems.

Have I missed something about setting up AAA?

Grateful for any help!

Thanks

Pete Moore


Re: Missing aaa accounting commands

I always assumed command accounting was supported by TACACS+ only.

AFAIK there aren't the required values defined for the cisco-av-pair to carry all the info that gets put into T+.

Also, if you're using ACS to collect the accounting, it has a dedicated CSV report to hold the T+ cmd accounting.

Darran


Re: Missing aaa accounting commands

Thanks for responding. The docs seem to read like it works for RADIUS too; we are already running RADIUS accounting for VoIP using 'aaa accounting h323'.

Can anyone confirm or deny this?


Re: Missing aaa accounting commands

Even if IOS did support it, the format of any RADIUS cmd accounting will be inferior for a couple of reasons:

1) The ACS TACACS+ reports are totally geared up for this with pre-defined columns for each T+ attribute.

2) ACS has a dedicated cmd accounting report which splits out cmds from sessions.

3) To package in RADIUS, IOS would have to create many cisco-av-pair VSA instances. In the RADIUS accounting logs these will all be compressed into a single column of the format:

"attr1=value1;attr2=value2;..."

Depending on what you want to do with the data this format is quite restrictive.

My advice is to enable TACACS+.

Darran
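
A minimal IOS configuration for command accounting over TACACS+, following the advice in the reply above. This is an added example, not part of the original thread; the server address (from the 192.0.2.0/24 documentation range) and the key are placeholders, and the record type (`stop-only`) and the accounted privilege levels are assumptions to adjust for the audit trail required.

```ios
! Added example: command accounting sent to a TACACS+ server (e.g. ACS).
! 192.0.2.10 and <shared-secret> are placeholders, not values from the thread.
aaa new-model
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Record EXEC session start and stop so commands can be tied to a login.
aaa accounting exec default start-stop group tacacs+
!
! Command accounting is configured per privilege level, and each line
! needs a record type (stop-only or start-stop) before the method list.
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
! Existing RADIUS accounting (e.g. 'aaa accounting h323') is configured
! separately and can stay on the RADIUS server group.
!
! Check after entering the commands:
!   show running-config | include aaa accounting
!   debug aaa accounting
```

If the `aaa accounting commands` lines appear in the running configuration and `debug aaa accounting` shows records being sent when a command is entered, the router is generating command accounting records for the server to log.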
