Cisco Support Community

TACACS queries

Hi

My ACS accounting doesn't show the logs for commands executed. As per me, it should be under the "TACACS Administration" tab, but it's blank. Please let me know what problem is causing no accounting for authorized commands.

Below is the configuration on AAA client:

=~=~=~=~=~=~=~=~=~=~=~=

Switch>
Switch>
Switch>
Switch#
Switch#
Switch#
Switch#sh run
Building configuration...
Current configuration : 4068 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username bhaven privilege 15 password 7 ****************
ip subnet-zero
!
no ip igmp snooping
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 203
 switchport trunk allowed vlan 10,20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 203
 switchport mode access
 speed 100
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 203
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/9
 spanning-tree portfast
!
interface FastEthernet0/10
 spanning-tree portfast
!
!
interface Vlan1
 ip address 172.20.7.26 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan3
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 172.20.65.246 255.255.255.0
 no ip route-cache
!
interface Vlan11
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan77
 ip address 172.16.4.5 255.255.255.0
 no ip route-cache
 shutdown
!
ip default-gateway 172.20.65.3
ip http server
!
tacacs-server host 172.20.65.247 key ******
tacacs-server host 172.20.65.248 key ******
radius-server host 172.20.65.247 auth-port 1812 acct-port 1813 key ******
radius-server retransmit 3
!
line con 0
line vty 0 4
 password 7 ***********
line vty 5 15
 password 7 **************
!
ntp authentication-key 24 md5 ********** 7
ntp authenticate
ntp trusted-key 24
ntp clock-period 17179742
ntp server 172.20.25.221 key 24
!
monitor session 1 source interface Gi0/1
monitor session 1 destination interface Fa0/10 ingress vlan 77
end
Switch# exit

I would appreciate it if somebody can help me on this.

Also, my second query: when I configure two ACS servers in HA mode, the primary is configured to send and the secondary is configured to receive.

But in case of any failure where my primary goes down, will the configuration changes done on the secondary ACS server sync with the primary ACS when the primary comes back online?

Thanks in advance!

2 REPLIES

Re: TACACS queries

Hi,

If you have ACS ver 4.1.1 23, then this is a known issue; you need to apply patch ACS 4.1.1.23.5 to fix the issue.

The patch for the appliance is available at:

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

The patch for ACS for Windows is available at:

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch name: ACS 4.1.1.23.5 accumulative patch

That should fix the issue.

Second Issue,

ACS replication is always one way, from primary to secondary.

Regards,

~JG

Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.


Re: TACACS queries

Good answer! There are 20 some odd bugs fixed. You might even consider going up to 4.1.3 p2
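
A client-side check for the symptom in the question, as an added example that is not part of the original thread or of any Cisco tool: it compares the `aaa authorization commands` and `aaa accounting commands` lines per privilege level and method list, so a clean result means the switch is set to send command accounting for every level it authorizes. The function name `audit_command_accounting` and the sample text are constructed for illustration, and the check assumes the built-in `group tacacs+` rather than a named server group.

```python
import re

# Constructed sample: the AAA-related lines of the switch configuration
# posted in the question (keys already masked there).
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 172.20.65.247 key ******
tacacs-server host 172.20.65.248 key ******
"""

# Matches only the per-privilege-level "commands" lines, not exec accounting.
AAA_COMMANDS = re.compile(
    r"^aaa (authorization|accounting) commands (\d+) (\S+) (.+)$")


def audit_command_accounting(config):
    """Compare command authorization and command accounting per level/list."""
    authz, acct, servers = {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        match = AAA_COMMANDS.match(line)
        if match:
            kind, level, list_name, methods = match.groups()
            table = authz if kind == "authorization" else acct
            table[(int(level), list_name)] = methods.split()
        elif line.startswith("tacacs-server host "):
            servers.append(line.split()[2])

    findings = []
    for level, list_name in sorted(authz):
        methods = acct.get((level, list_name))
        if methods is None:
            findings.append(f"level {level} list {list_name}: no command accounting")
        elif "tacacs+" not in methods:
            # Assumption: a named server group would also land here.
            findings.append(f"level {level} list {list_name}: accounting not sent to tacacs+")
    if not servers:
        findings.append("no tacacs-server host configured")
    return {"accounted_levels": sorted(lvl for lvl, _ in acct),
            "servers": servers, "findings": findings}


if __name__ == "__main__":
    print(audit_command_accounting(SAMPLE_CONFIG))
```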
