11-25-2012 05:03 AM - edited 03-10-2019 07:49 PM
Hi
I have installed ACS appliance version 5.1.0.44 in my office.I tried to check TACACS accounting for what command the engineers used but I couldnt find the outputs.Please advse how to get it.
This is my configurtion.
aaa new-model
aaa authentication password-prompt xxxxx
aaa authentication username-prompt yyyyy
aaa authentication login telnet group tacacs+ local
aaa authentication login console group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
Thanks and Regards,
Shahul Hameed
11-25-2012 08:06 PM
Hello Shahul-
Can you post all of your AAA configs for this router/switch? Also, did you add this network device as "AAA client" in ACS?
Thank you for rating!
11-25-2012 09:30 PM
Hi Neno
I have added the switch as client in AAA server.
Please check all my AAA config in Switch.
aaa new-model
aaa authentication password-prompt xxxxx:
aaa authentication username-prompt yyyyy:
aaa authentication login telnet group tacacs+ local
aaa authentication login console group tacacs+ local
aaa authentication login ssh group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
ip tacacs source-interface Loopback0
tacacs-server host x.x.x.x key sdsdsdsd
tacacs-server host x.x.x.x key dsdsdsds
tacacs-server directed-request
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
dot1x critical recovery delay 2000
dot1x critical eapol
ip radius source-interface Loopback0
radius-server dead-criteria time 15 tries 15
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server deadtime 1
radius-server directed-request
radius-server key dddsdsdds
12-16-2012 06:31 PM
I am sorry Shahul I fell behind here as I got really busy. I compared your conifgs with what I have used in the past and they look correct. So are you saying that authentication is working through ACS but when you run accounting reports no data comes up?
Thanks for rating!
12-16-2012 08:39 PM
Hi Neno
Yes I need to download accounting reports.
Thanks and Regards,
Shahul Hameed.
12-16-2012 09:56 PM
OK so what happens when you run a report under
Monitoring & Reports > | Reports > | Catalog > | AAA Protocol |
Do you see any data there after you have run a few commands on the device configured for AAA accounting ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide