Cisco Support Community
New Member

Radius

Hi, I would like to know if there is a way to account for the commands entered by a certain profile logged in to the router/switch using the MS IAS method. Currently I'm using an IAS RADIUS server from my switches and routers, and I'm having a problem doing accounting of commands.

Thanks!

5 REPLIES
New Member

Re: Radius

Actually, I just reviewed the IAS capabilities and you should be able to do accounting. Do you have accounting logging enabled on the IAS server? Do you also have the appropriate AAA accounting commands implemented? Please post your AAA accounting related commands.

Thanks.

New Member

Re: Radius

I see, just one last question. Is there any Unix/Linux-based application that can support this accounting of commands aside from Cisco ACS?

New Member

Re: Radius

Not sure, are you talking about the "Remote Access Logging"? If so, I used the default local file logs from the IAS server.

Below are my commands.

    aaa new-model
    aaa authentication login default group radius line
    aaa authentication login radius_localcon local-case
    aaa authorization exec default group radius if-authenticated
    aaa authorization network default group radius
    aaa accounting network default start-stop group radius
    aaa accounting system default start-stop group radius
    radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646
    radius-server source-ports 1645-1646
    radius-server key 7 xxxxxxxxxxx

Please feel free to suggest how I could implement accounting with respect to the commands that have been entered by the admin users logged in to my routers/switches using the IAS.

Thanks!

Re: Radius

Hi,

The Cisco Systems implementation of RADIUS does not support command accounting.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm#wp1001268

Regards,

Prem

Gold

Re: Radius

Prem is correct. All RADIUS can do in Cisco is send the start and stop bits... no command accounting anyway. Try TACACS+. (Of course IAS doesn't support this.)
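
The TACACS+ suggestion above, as an added example that is not part of the original thread: an IOS configuration sketch that leaves the posted RADIUS authentication and authorization lines in place and sends only accounting, including per-command records, to a TACACS+ server. The server address (192.0.2.10, a documentation address) and the key are placeholders, and a reachable TACACS+ server is assumed.

```cisco
! Added example, not from the thread. Address and key are placeholders.
aaa new-model
!
! TACACS+ server used for accounting only; the existing
! "group radius" authentication/authorization lines stay as posted.
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! Session-level accounting: one start and one stop record per EXEC session.
aaa accounting exec default start-stop group tacacs+
!
! Command accounting: each command entered at the given privilege level
! is sent to the server as an accounting record. Levels 1 and 15 cover
! user EXEC and privileged EXEC; add other levels if custom ones are in use.
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
! System events (reloads, accounting on/off) go to the same server.
aaa accounting system default start-stop group tacacs+
```

After applying it, `show accounting` on the device and the accounting log on the TACACS+ server should show a record for each command an administrator enters.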
