07-28-2009 07:08 AM - edited 03-10-2019 04:36 PM
I am trying to set up accounting from several FWSM contexts to a couple of (new) ACS servers. It generally works, but there are a few issues. This is the aaa configuration in the context I'm testing with:
aaa-server tacacs-auth protocol tacacs+
 reactivation-mode timed
 max-failed-attempts 2
aaa-server tacacs-auth (dept-outside) host 10.1.26.218
 key tacacs-secret
aaa-server tacacs-auth (dept-outside) host 10.1.26.219
 key tacacs-secret
aaa-server tacacs-acct protocol tacacs+
aaa-server tacacs-acct (dept-outside) host 10.1.26.219
 key tacacs-secret
aaa-server tacacs-acct (dept-outside) host 10.1.26.218
 key tacacs-secret
username local-admin password xxxxxxxx encrypted privilege 15
aaa authentication ssh console tacacs-auth LOCAL
aaa accounting command tacacs-acct
aaa accounting ssh console tacacs-acct
aaa accounting enable console tacacs-acct
The problems:
1. Although the "TACACS Accounting" and "Passed Authentications" logs show the correct username for the ssh sessions, the "TACACS Administration" log just shows "enable_15". What do I need to do to get the correct username in the Administration log?
2. In the "Failed Attempts" and "Passed Authentications" logs, the Caller ID attribute gives me the correct client IP address. But in the "TACACS Accounting" and "TACACS Administration" logs, this same attribute just shows up as 0.0.0.0. Is it possible to get the client IP address in these logs?
3. As you can see from the configuration above, I'm using the same servers for authentication and for accounting, but in the opposite order. However, my accounting info goes to the same server as my authentication requests. How do I determine why this is happening?
Also, is it possible to get command accounting to include show and enable commands?
Oh, yeah ... FWSM is 3.1(15) and ACS SE is 4.2.0.124.
Thanks.
Larry Owen
07-28-2009 09:35 AM
Larry,
1) Please set up enable authentication to get the actual user name,
aaa authentication enable console tacacs-auth LOCAL
On ACS user setup you need to set up tacacs+ enable password.
3) Since you have defined both servers (219 and 218) for authentication and accounting, it is sending accounting to 218, as it is also defined as an accounting server and the firewall has it active.
Use only
aaa-server tacacs-auth (dept-outside) host 10.1.26.218 key tacacs-secret
aaa-server tacacs-acct (dept-outside) host 10.1.26.219 key tacacs-secret
Now auth should go to 218 and acc to 219.
Regards,
~JG
Do rate helpful posts
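As an added example (not code from the thread or from Cisco), the Python script below parses the aaa-server, "aaa authentication ... console" and "aaa accounting" lines as posted in the question and reports the points the reply raises: the order in which each group's hosts are tried, hosts shared between the authentication and accounting groups, whether enable authentication is configured (without it, privileged sessions are recorded under the user name enable_15), and each group's reactivation-mode (depletion when not set). SAMPLE_CONFIG is the posted context configuration; FIXED_CONFIG is a constructed version with the reply's suggestions applied. Both are embedded so the script runs offline.

```python
"""Lint an FWSM/ASA-style AAA configuration for the points raised in this thread.

Added example, not code from the thread or from Cisco. It parses aaa-server
group and host lines, 'aaa authentication ... console' and 'aaa accounting'
lines and reports host order, shared hosts, missing enable authentication
and each group's reactivation-mode.
"""
import re
from collections import OrderedDict

# Constructed sample: the context configuration posted in the question.
SAMPLE_CONFIG = """\
aaa-server tacacs-auth protocol tacacs+
 reactivation-mode timed
 max-failed-attempts 2
aaa-server tacacs-auth (dept-outside) host 10.1.26.218
 key tacacs-secret
aaa-server tacacs-auth (dept-outside) host 10.1.26.219
 key tacacs-secret
aaa-server tacacs-acct protocol tacacs+
aaa-server tacacs-acct (dept-outside) host 10.1.26.219
 key tacacs-secret
aaa-server tacacs-acct (dept-outside) host 10.1.26.218
 key tacacs-secret
aaa authentication ssh console tacacs-auth LOCAL
aaa accounting command tacacs-acct
aaa accounting ssh console tacacs-acct
aaa accounting enable console tacacs-acct
"""

# Constructed sample: the same context after applying the reply's suggestions
# (one host per group, enable authentication added).
FIXED_CONFIG = """\
aaa-server tacacs-auth protocol tacacs+
 reactivation-mode timed
 max-failed-attempts 2
aaa-server tacacs-auth (dept-outside) host 10.1.26.218 key tacacs-secret
aaa-server tacacs-acct protocol tacacs+
aaa-server tacacs-acct (dept-outside) host 10.1.26.219 key tacacs-secret
aaa authentication ssh console tacacs-auth LOCAL
aaa authentication enable console tacacs-auth LOCAL
aaa accounting command tacacs-acct
aaa accounting ssh console tacacs-acct
aaa accounting enable console tacacs-acct
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")
REACT_RE = re.compile(r"^reactivation-mode (\S+)")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)")
ACCT_RE = re.compile(r"^aaa accounting (\S+)(?: console)? (\S+)$")


def parse_aaa(config_text):
    """Return server groups (hosts in configured order), auth and accounting bindings."""
    groups = OrderedDict()  # tag -> {"hosts": [...], "reactivation": "depletion"|"timed"}
    auth = {}               # service (ssh, enable, ...) -> group tag
    acct = {}               # service (command, ssh, enable, ...) -> group tag
    current = None          # group whose sub-commands we are currently inside
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line) or HOST_RE.match(line)
        if m:
            current = m.group(1)
            # ASA/FWSM default reactivation-mode is depletion when not configured.
            g = groups.setdefault(current, {"hosts": [], "reactivation": "depletion"})
            if m.re is HOST_RE:
                g["hosts"].append(m.group(3))  # order of host lines = order tried
            continue
        m = REACT_RE.match(line)
        if m and current:
            groups[current]["reactivation"] = m.group(1)
            continue
        m = AUTH_RE.match(line)
        if m:
            auth[m.group(1)] = m.group(2)
            continue
        m = ACCT_RE.match(line)
        if m:
            acct[m.group(1)] = m.group(2)
    return {"groups": groups, "auth": auth, "acct": acct}


def lint(parsed):
    """Return a list of human-readable findings about the parsed configuration."""
    groups, auth, acct = parsed["groups"], parsed["auth"], parsed["acct"]
    findings = []
    for tag, g in groups.items():
        order = " -> ".join(g["hosts"]) or "(no hosts)"
        findings.append(f"group {tag}: host order {order}; reactivation-mode {g['reactivation']}")
    # Hosts present in both an authentication group and an accounting group.
    for a in sorted(set(auth.values())):
        for b in sorted(set(acct.values())):
            if a == b or a not in groups or b not in groups:
                continue
            shared = sorted(set(groups[a]["hosts"]) & set(groups[b]["hosts"]))
            if shared:
                findings.append(f"authentication group {a} and accounting group {b} "
                                f"share hosts {', '.join(shared)}; split them if accounting "
                                "must reach a different server")
    if "enable" not in auth:
        findings.append("no 'aaa authentication enable console' line: privileged sessions "
                        "are recorded as enable_15 instead of the real user name")
    return findings


def has_finding(findings, needle):
    """True if any finding mentions the given substring."""
    return any(needle in f for f in findings)


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {label} configuration ==")
        for finding in lint(parse_aaa(cfg)):
            print(" -", finding)
```

Run it as-is to compare the posted and fixed configurations, or paste a context's own "show run aaa" output into SAMPLE_CONFIG. The script only models the points discussed in the thread; it does not know the ACS side, so the Caller ID question (0.0.0.0 in the accounting logs) is out of its scope.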