Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1804
Views
0
Helpful
2
Replies

Command accounting w/ RADIUS

dgroscost
Level 4
Level 4

‎09-22-2009 07:39 AM - edited ‎03-10-2019 04:41 PM

Not having much luck getting this to work and searching the forums here everybody seems to say it is not possible unless TACACS+ is used. Is this still the case? I see the AAA/ACCT/CMD in the debug on the local switch but the RADIUS server never receives the data string except for the authentication entry.

Any way to re-classify the AAA/ACCT/CMDs and send in a syslog trap/log?

Looking for creative solutions here, TACACS+ is not available in this case.

Thanks

Labels:
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎09-22-2009 07:42 AM

Hi,

Command accounting only works with tacacs protocol.

It is not supported by radius.

HTH

Regards,

JK

~Jatin
0 Helpful

Jagdeep Gambhir
Level 10
Level 10

‎09-22-2009 08:09 AM

Hi,

Unfortunately you can not log any AAA information to syslog.

Now you may ask why IOS CLI allows to configure command accounting via RADIUS when it is not supported. Well, this is indeed an IOS caveat which is described in CSCdp57020 'parser should not show radius as an aaa accounting commands option' and resolved in 12.2 based IOS trains (ref. Bug Toolkit on Cisco.com).

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCdp57020

Regards,

~JG

Do rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents