05-11-2006 12:37 PM - edited 03-10-2019 02:34 PM
Hello,
I am confused on aaa accounting. If I wish to account all commands and the levels I have configured are say 5 and 15, do I need to include level 0 in my aaa accounting commands?
05-11-2006 08:33 PM
Hello,
By default on IOS devices we have three commands distributed over three privilege levels i.e.,
Level 0
Level 1, and
Level 15.
If you explicitly donot change the privilege level of command(s), then only commands that you require to enter in an IOS device to monitor all commands executed over device is:
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
I have defined TACACS+ as the as the accounting server, as it jells best for adminstrative purposes i.e. Shell Command authorization
Let me know if this clarifies your doubt :)
05-11-2006 09:15 PM
Ok, I think I understand. So even though I have created a privilege level 5, if I want to make sure ALL commands are accounted for then I still need to include levels 0 and 1, since accounting for level 5 will only catcht the commands explicitly configured for that level. Is this correct?
05-11-2006 09:45 PM
You got that right. Bulls eye :)
05-11-2006 10:20 PM
Great, you solved my problem, thanks!
05-12-2006 10:55 AM
Please rate it that helped, it encourages me :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide