I need to know if there is a way, when a user logs in to a router or a switch and makes a change, that the change must be logged in some way and all configuration changes must be seen somewhere. I know I can see in the show log that a user changed the configuration, but I don't know what he did. I also managed to log when a configuration change is done, with this command:
service timestamps log datetime msec localtime show-timezone
If you want to authenticate, audit and authorize what commands a user/admin user can or is allowed to execute, use TACACS instead of RADIUS.
RADIUS cannot do detailed auditing; it's limited to info such as when the session started, ended, time and so on. No details on commands.
One of the obvious differences between RADIUS and TACACS is that RADIUS is used to authenticate incoming access from the client/normal user via whatever devices, e.g. a VPN server or remote access server. This service allows users/clients to access services behind the VPN server device (passing through). It is merely to authenticate and validate users, not to verify/check what commands have been executed.
TACACS (or TACACS+) is a management protocol for a device, e.g. Cisco routers and switches, to authenticate, audit and authorize what commands an admin user can or is allowed to execute when doing configuration or administration tasks on the devices. So, if your intention is to do full AAA, then use TACACS+ instead of RADIUS.
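Added example, not part of the original replies: an IOS configuration sketch of the per-command accounting that the answer above recommends TACACS+ for. The server name TAC1, group name TAC-GRP, the address (from the documentation range) and the key placeholder are assumptions to replace with your own values.

```ios
! Enable the AAA framework (required before any other aaa command)
aaa new-model
!
! Define the TACACS+ server (name, address and key are placeholders)
tacacs server TAC1
 address ipv4 192.0.2.10
 key <shared-secret>
!
aaa group server tacacs+ TAC-GRP
 server name TAC1
!
! Authentication and exec authorization, falling back to the local
! user database if the TACACS+ server is unreachable
aaa authentication login default group TAC-GRP local
aaa authorization exec default group TAC-GRP local
!
! Authorize each privileged command, including configuration-mode commands
aaa authorization commands 15 default group TAC-GRP local
aaa authorization config-commands
!
! Session accounting only records login/logout times
aaa accounting exec default start-stop group TAC-GRP
!
! Command accounting sends every command typed at these privilege
! levels to the TACACS+ server, with the username and a timestamp
aaa accounting commands 1 default start-stop group TAC-GRP
aaa accounting commands 15 default start-stop group TAC-GRP
```

Keep a local account configured before applying the authorization lines, so that a TACACS+ outage does not lock administrators out of the device.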