Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
5
Helpful
1
Replies

ACS and AAA Help

jonchill
Level 1
Level 1

‎07-30-2006 11:51 PM - edited ‎03-10-2019 02:41 PM

I've just configured ACS and TACACS+ for access to our switches using our AD for authentication. It works fine.

What I would like to know is firstly how can I configure ACS to only allow access to our switches if you belong in a particular AD group or ACS group as at the moment anyone can login to our switches if they are a user on the domain?

Secondly is there a way within TACACS+ to audit every single command that is entered while someone is loggin into a switch?

Any help would be much appreciated.

Thanks

Jon

Labels:
0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎07-31-2006 06:20 AM

Hi Jon,

1. Refers to the previous post at:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddb89cb/0#selected_message

2.The audit feature that you're looking at is available for valid command once the user/admin entered 'conf t' command.

The following command can be used to monitor what commands are being entered by the user/admin:

aaa accounting network SAMPLE start-stop group tacacs+

You can see the report under ACS's "Logs and Reports" section - look for tacacs+.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7aa.html#wp1005522

*can also look under sample config.

Rgds,

AK

Customers Also Viewed These Support Documents