https://community.cisco.com/t5/network-access-control/radius/m-p/785630#M420662 <HTML><HEAD></HEAD><BODY><P>Not sure, are you talking on the "Remote Acces Logging"? If so, i used the default Local file logs from the IAS server. </P><P></P><P>Below are my commands.</P><P></P><P>aaa new-model</P><P>aaa authentication login default group radius line</P><P>aaa authentication login radius_localcon local-case</P><P>aaa authorization exec default group radius if-authenticated</P><P>aaa authorization network default group radius</P><P>aaa accounting network default start-stop group radius</P><P>aaa accounting system default start-stop group radius</P><P></P><P></P><P>radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646</P><P>radius-server source-ports 1645-1646</P><P>radius-server key 7 xxxxxxxxxxx</P><P></P><P>Please feel free to suggest on how i could implement accounting with repsect to the commands that has been entered by the admin users logged-in from my routers/switches using the IAS.</P><P>Thanks!</P></BODY></HTML> Sat, 09 Jun 2007 09:28:57 GMT jigz.bagsicjr 2007-06-09T09:28:57Z https://community.cisco.com/t5/network-access-control/radius/m-p/785625#M420654 <P>Hi, i would like to know if there is a way to account the commands entered by certain profile log-in to the router/switch using MS IAS method? Currently i'm using IAS radius server from my switches and routers. And i'm having problem in doing an accounting of commands.</P><P></P><P></P><P>Thanks!</P> Sun, 10 Mar 2019 22:10:34 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785625#M420654 jigz.bagsicjr 2019-03-10T22:10:34Z https://community.cisco.com/t5/network-access-control/radius/m-p/785626#M420655 <HTML><HEAD></HEAD><BODY><P>Actually, I just reviewed the IAS capabilities and you should be able to do accounting. Do you have accounting logging enabled on the IAS server? Do you also have the appropriate AAA accounting commands implemented. Please post your AAA accounting related commands.</P><P></P><P>Thanks.</P></BODY></HTML> Thu, 24 May 2007 16:22:23 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785626#M420655 palomoj 2007-05-24T16:22:23Z https://community.cisco.com/t5/network-access-control/radius/m-p/785627#M420656 <HTML><HEAD></HEAD><BODY><P>i see, just last question. Is there any unix/linux based application that can support this accounting of commands aside from Cisco ACS?</P></BODY></HTML> Thu, 24 May 2007 16:27:15 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785627#M420656 jigz.bagsicjr 2007-05-24T16:27:15Z https://community.cisco.com/t5/network-access-control/radius/m-p/785628#M420658 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The Cisco Systems implementation of RADIUS does not support command accounting.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm#wp1001268" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm#wp1001268</A></P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Sat, 26 May 2007 22:53:41 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785628#M420658 Premdeep Banga 2007-05-26T22:53:41Z https://community.cisco.com/t5/network-access-control/radius/m-p/785629#M420660 <HTML><HEAD></HEAD><BODY><P>Prem is correct. All radius can do in Cisco is send the start and stop bits...no command accounting anyway. try tacacs+. (of course IAS doesn't support this).</P></BODY></HTML> Wed, 30 May 2007 13:01:27 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785629#M420660 srue 2007-05-30T13:01:27Z https://community.cisco.com/t5/network-access-control/radius/m-p/785630#M420662 <HTML><HEAD></HEAD><BODY><P>Not sure, are you talking on the "Remote Acces Logging"? If so, i used the default Local file logs from the IAS server. </P><P></P><P>Below are my commands.</P><P></P><P>aaa new-model</P><P>aaa authentication login default group radius line</P><P>aaa authentication login radius_localcon local-case</P><P>aaa authorization exec default group radius if-authenticated</P><P>aaa authorization network default group radius</P><P>aaa accounting network default start-stop group radius</P><P>aaa accounting system default start-stop group radius</P><P></P><P></P><P>radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646</P><P>radius-server source-ports 1645-1646</P><P>radius-server key 7 xxxxxxxxxxx</P><P></P><P>Please feel free to suggest on how i could implement accounting with repsect to the commands that has been entered by the admin users logged-in from my routers/switches using the IAS.</P><P>Thanks!</P></BODY></HTML> Sat, 09 Jun 2007 09:28:57 GMT https://community.cisco.com/t5/network-access-control/radius/m-p/785630#M420662 jigz.bagsicjr 2007-06-09T09:28:57Z