08-18-2009 11:00 PM - edited 03-10-2019 04:39 PM
I have Cisco ACS 3.2 on Windows with Cisco devices (IOS 12.3) configured with authentication. I need to enable accounting. I just need the list of commands (changes) made on the Cisco device. What is the correct authentication command? Below is the present config.
aaa group server tacacs+ tacgrp
server X.X.X.X
server Y.Y.Y.Y
!
aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa session-id common
tacacs-server host X.X.X.X
tacacs-server host Y.Y.Y.Y
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXXXXXXXXX
line con 0
line vty 0 4
08-19-2009 04:43 AM
!--- The following commands account for the user's activity
!--- while the user is logged into the device.
aaa accounting exec default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Hope this helps.
JK
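As an added example (not from the thread, JK or Cisco), a small audit script that checks a saved running-config against the accounting lines above: each required type must be present on the default list, use start-stop, and be sent to `group tacacs+` or to a TACACS+ server group defined in the same config (such as the poster's `tacgrp`). SAMPLE_CONFIG is constructed from the poster's snippet with gaps left in deliberately.

```python
import re

# Constructed sample based on the poster's config: exec accounting is present,
# commands 15 is present but stop-only, the other recommended lines are absent.
SAMPLE_CONFIG = """\
aaa group server tacacs+ tacgrp
 server X.X.X.X
 server Y.Y.Y.Y
aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacgrp
tacacs-server host X.X.X.X
tacacs-server host Y.Y.Y.Y
"""

# Accounting types the thread recommends (default list, start-stop, TACACS+).
REQUIRED = ["exec", "system", "commands 0", "commands 1", "commands 15"]

_GROUP_RE = re.compile(r"^aaa group server tacacs\+ (\S+)$")
_ACCT_RE = re.compile(r"^aaa accounting (exec|system|commands \d+) (\S+) (\S+) (.*)$")


def parse_config(config):
    """Return (named TACACS+ groups, {acct_type: (list, record_mode, methods)})."""
    groups, acct = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if g := _GROUP_RE.match(line):
            groups.add(g.group(1))
        elif a := _ACCT_RE.match(line):
            acct_type, list_name, mode, methods = a.groups()
            acct[acct_type] = (list_name, mode, methods.split())
    return groups, acct


def audit_accounting(config):
    """Findings for each required type that is missing, not start-stop, or not
    sent to 'tacacs+' or a TACACS+ server group defined in the config."""
    groups, acct = parse_config(config)
    findings = []
    for acct_type in REQUIRED:
        if acct_type not in acct:
            findings.append(f"missing: aaa accounting {acct_type} default start-stop group tacacs+")
            continue
        _list, mode, methods = acct[acct_type]
        if mode != "start-stop":
            findings.append(f"{acct_type}: record mode is {mode}, expected start-stop")
        # Method list looks like 'group <name> [group <name> ...]'; collect the names.
        targets = {methods[i + 1] for i, tok in enumerate(methods[:-1]) if tok == "group"}
        if not targets & ({"tacacs+"} | groups):
            findings.append(f"{acct_type}: not sent to a TACACS+ group ({' '.join(methods)})")
    return findings
```

Run `audit_accounting(SAMPLE_CONFIG)` to get the four findings for the constructed config; an empty list means all five accounting types are configured as recommended.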
08-19-2009 06:30 PM
Thank you, it works fine.
Is there any way to get log entries for SNMP access through ACS?
08-19-2009 06:42 PM
There is no accounting for SNMP.
The show snmp command on the router can tell you how many polls were done.
Example of show snmp output:
Chassis: SCA043004DW
Contact: smotwani
Location: noida
56224160 SNMP packets input
0 Bad SNMP version errors
38 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
268814216 Number of requested variables
112 Number of altered variables
35437579 Get-request PDUs
20781918 Get-next PDUs
24 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
56224122 SNMP packets output
0 Too big errors (Maximum packet size 1500)
15 No such name errors
0 Bad values errors
0 General errors
56219928 Response PDUs
0 Trap PDUs
Also, you can set an access-list permitting any for SNMP and log the access-list; it will have a counter that increments.
There is no such thing as looking in the ACS logs to know how many times SNMP was accessed and by which IP address, for the simple reason that authorization does not apply to SNMP.