Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS+ Administration Report - Reason column?

On the TACACS+ Administration Report, there is a reason column. Does anyone know how I would use this?

I'm looking for a solution to this problem. We have multiple scripts that log into our routers for various reasons. Instead of having to create 7 different username/password combinations so I can see when each script is logging into the router (and what it is doing), I was hoping to be able to pass a string that would identify this function and only use one username. Not sure if this is possible. Any other suggestions appreciated.

1 REPLY
Silver

Re: TACACS+ Administration Report - Reason column?

The "reason" column gets filled in when logins/cmds are filtered by NARs. It would tell you which NAR caused the login to be rejected.

On the ACS side you could add a custom command whose authorisation would get logged in the T+ admin logs. Only issue is what IOS would do with the unknown command?

A cludge might be to add "ping " into the script?? Im sure there's a better way!

In my time at Cisco I often asked why there wasnt better change management built into IOS so that, for example you could enter some reference into IOS when you enable, and have that value included in each command authorisation. Seemed really simple and useful to me!

Darran

137
Views
0
Helpful
1
Replies