AAA configuration for Radius Server

sujeer.ap · ‎10-03-2010

Dears,

I need to configure the AAA in the cisco device with Windows Radius Server 2008, I have done all the configuration on both and works fine everything except the log file content, the log file says as below,

002,5,4,87,tty4,61,5,31,10.100.10.103,4,10.100.10.55,4108,10.100.10.55,4116,9,4128,Testing_Tacacs,4154,Use Windows authentication for all users,4155,1,4129,RESTRICTED\test,4130,RESTRICTED\test,25,311 1 ::1 09/30/2010 13:39:31 56,4127,1,4136,1,4142,0

10.100.10.55,test,10/03/2010,11:46:09,IAS,AHT-001-DC-002,25,311 1 ::1 09/30/2010 13:39:31 56,4127,1,4130,RESTRICTED\test,4129,RESTRICTED\test,4155,1,4154,Use Windows authentication for all users,4108,10.100.10.55,4116,9,4128,Testing_Tacacs,4136,3,4142,16

but which does not showing what the user did in the device after logged in , can you assist on this ?

sujeer.ap · ‎10-04-2010

Please kindly help me our on this issue

I have tried to add the below command in L3 switch (3550), but unfortunately not accepting it , please let me know if any can share the thoughts, i think command provide the logs to the Radius server

aaa accounting commands 15 default start-stop group radius

wzhang · ‎10-05-2010

Hi,

RADIUS as a protocol does not support command accounting, ie., logging of commands that a users enters once authenticated to a router/switch. You will need to use TACACS+ for this purpose. The aaa command accounting commands that you used has been removed from IOS since 12.2T. Please take a look at this for details: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdp57020.

Thanks,

Wen