cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
347
Views
0
Helpful
1
Replies

TACACS+ Administration Report - Reason column?

mdcarey15
Level 1
Level 1

On the TACACS+ Administration Report, there is a reason column. Does anyone know how I would use this?

I'm looking for a solution to this problem. We have multiple scripts that log into our routers for various reasons. Instead of having to create 7 different username/password combinations so I can see when each script is logging into the router (and what it is doing), I was hoping to be able to pass a string that would identify this function and only use one username. Not sure if this is possible. Any other suggestions appreciated.

1 Reply 1

darpotter
Level 5
Level 5

The "reason" column gets filled in when logins/cmds are filtered by NARs. It would tell you which NAR caused the login to be rejected.

On the ACS side you could add a custom command whose authorisation would get logged in the T+ admin logs. Only issue is what IOS would do with the unknown command?

A cludge might be to add "ping " into the script?? Im sure there's a better way!

In my time at Cisco I often asked why there wasnt better change management built into IOS so that, for example you could enter some reference into IOS when you enable, and have that value included in each command authorisation. Seemed really simple and useful to me!

Darran

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: