
ACS command authorization report in conf t mode

Hi, this is probably a quick one, but I couldn't find a solution so far.

We are using command authorization via ACS and are thus able to see (in case of any issues) who has entered which commands at which time on which device. But this only works until someone enters conf t mode. After that I am not getting log entries in the ACS (Version 5). I can see all show commands and who entered the configuration mode, but nothing after that. Config snippet:

 

```
aaa new-model
aaa authentication attempts login 5
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
```

 

My guess is that I allow all commands with that and thus no authorization is needed. 

Any idea?


Thanks

Chris

Accepted Solutions

johnd2310
Level 8

Hi

Which report are you looking at? Have a look at both the Tacacs Accounting and the Tacacs Authorization reports.

 

Thanks

John

**Please rate posts you find helpful**


Thanks! I only looked at TACACS+ Authorization report, but the information I was looking for is in the TACACS+ Accounting report.
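
The following is an added example, not part of the original thread and not Cisco or ACS tooling: a small Python audit of the `aaa ... commands` lines from the question, showing which privilege levels reach authorization and which reach accounting. It assumes that IOS sends configuration-mode commands for authorization only when `aaa authorization config-commands` is present; the function name `audit_aaa` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the command authorization/accounting lines from the question.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

# Matches "aaa authorization|accounting commands <level> <list-name> <methods...>"
CMD_RE = re.compile(r"^aaa (authorization|accounting) commands (\d+) \S+ (.+)$")

def audit_aaa(config):
    """Report which privilege levels send commands to an AAA server group."""
    levels = {"authorization": set(), "accounting": set()}
    config_cmds = False
    for raw in config.splitlines():
        line = " ".join(raw.split())  # tolerate trailing or doubled spaces
        # Assumption: config-mode commands are only authorized when this line exists.
        if line == "aaa authorization config-commands":
            config_cmds = True
        m = CMD_RE.match(line)
        if m and "group" in m.group(3).split():
            levels[m.group(1)].add(int(m.group(2)))
    findings = []
    for lvl in sorted(levels["authorization"] - levels["accounting"]):
        findings.append(f"level {lvl}: authorized but not accounted, no command audit trail")
    for lvl in sorted(levels["accounting"] - levels["authorization"]):
        findings.append(f"level {lvl}: accounted but not authorized, logged but unrestricted")
    if levels["authorization"] and not config_cmds:
        findings.append("config-commands: configuration-mode commands are not sent for "
                        "authorization; look for them in accounting records")
    return {"authorization": levels["authorization"], "accounting": levels["accounting"],
            "config_commands_authorized": config_cmds, "findings": findings}

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG)["findings"]:
        print(finding)
```
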