Cisco ACS server

Anand Narayana
Level 6

Hi,

I have installed the Cisco ACS server 4.1. The following are the commands issued so that the switch is authenticated by the ACS:

aaa new-model

aaa authentication login default group tacacs+ enable local

aaa authentication enable default group tacacs+ enable

tacacs-server host 10.203.1.92

tacacs-server key 123456

Are there any other useful commands I need to add?

7 Replies

mahmoodmkl
Level 7

Hi

I don't see any configuration relating to authorization and accounting. You need to configure that also.

Thanks

Mahmood

I don't know the commands for adding authorization & accounting, so can you help me in this regard? Currently I am able to see the successful login & failed login attempts.

Amit Singh
Cisco Employee

Anand,

You might not need AAA accounting, and it also depends on the kind of deployment you are doing. You need AAA authorization for sure; without the AAA authorization command it will not work.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a9.html

What kind of deployment are you doing? Is it for wired users only? If you have wireless users and AP, you have to use RADIUS instead of TACACS+. TACACS+ does not support authentication for wireless users.

HTH,

-amit singh

Thanks for the reply, Amit,

My requirement is that I want all the switches to be authenticated via ACS, and I also want to know which user has issued which command. Currently I am able to view the users' login & logout times with the duration; apart from that, in the ACS I couldn't see anything in "TACACS+ Administrator" & "Logged-in Users". The information I can see is in "TACACS+ Accounting", "Passed Authentications" & "Failed Attempts".

aaa new-model

aaa authentication login default group tacacs+ enable local

aaa authentication enable default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

tacacs-server host 10.203.1.92

tacacs-server key 123456

Since I am new to ACS, I don't know much about the AAA commands.

Also, which one is better to use, TACACS or RADIUS?

Anand,

If you want to know what user has issued what command, use the following syntax with the TACACS+,

aaa accounting commands 15 default start-stop group tacacs+ <- This is for level 15 users, i.e. all the enable mode commands will be listed.

aaa accounting commands 1 default start-stop group tacacs+ <- This is for all the commands for the privilege level.

HTH, please rate if it does.

-amit singh
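
An added example, not part of the thread and not a Cisco tool: a small Python check that reads IOS configuration text and reports which of the AAA pieces discussed in the replies (authorization, per-command accounting) are absent, and also flags a weak shared key or a login list with no fallback method. The checklist, the `MIN_KEY_LEN` threshold and the name `audit_aaa` are assumptions made for this example.

```python
import re

# Constructed input: the configuration lines posted in the thread above.
THREAD_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
tacacs-server host 10.203.1.92
tacacs-server key 123456
"""

# Checklist (an assumption built from the replies): label -> pattern a line must match.
CHECKS = [
    ("aaa new-model", r"^aaa new-model$"),
    ("login authentication via tacacs+", r"^aaa authentication login \S+ group tacacs\+"),
    ("exec authorization", r"^aaa authorization exec \S+ "),
    ("command authorization", r"^aaa authorization commands \d+ \S+ "),
    ("exec accounting", r"^aaa accounting exec \S+ "),
    ("command accounting, level 1", r"^aaa accounting commands 1 \S+ "),
    ("command accounting, level 15", r"^aaa accounting commands 15 \S+ "),
    ("tacacs-server host", r"^tacacs-server host \S+"),
]
MIN_KEY_LEN = 16  # assumption: a local policy value, not a Cisco requirement


def audit_aaa(config_text):
    """Return findings, in checklist order, for IOS configuration text."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = ["missing: " + label for label, pattern in CHECKS
                if not any(re.match(pattern, ln) for ln in lines)]
    for ln in lines:
        # "tacacs-server key [0|7] <string>": 7 marks an obfuscated key we cannot measure.
        m = re.match(r"^tacacs-server key (?:([07]) )?(\S+)$", ln)
        if m and m.group(1) != "7":
            key = m.group(2)
            if len(key) < MIN_KEY_LEN or key.isdigit():
                findings.append("weak shared key: short or digits only")
        # A login list with no local/enable fallback locks admins out if ACS is down.
        m = re.match(r"^aaa authentication login (\S+) (.+)$", ln)
        if m and not {"local", "enable"} & set(m.group(2).split()):
            findings.append("no fallback method in login list " + m.group(1))
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(THREAD_CONFIG):
        print(finding)
```

Run against the configuration from the thread, it reports the missing authorization and command-accounting lines and the numeric shared key; the login list passes because it ends with `enable local`.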

I also wanted to know which one to use, TACACS or RADIUS? As you said, TACACS doesn't support wireless and RADIUS does; is that the only difference when I am really configuring it for switches/routers? I hope RADIUS is used for dial-up clients whereas TACACS isn't?