Missing aaa accounting commands

moorep6cco · ‎10-20-2006

Hi,

I might be being REALLY STUPID, but I am trying to config a 12.3 IOS router to send command accounting records to an ACS 3.3 server via RADIUS.

When a input the 'aaa accounting commands 15 default group radius' command, it is accepted by the router, but show the config, and its not there. This is the same for all command levels. This router is logging VoIP accounting records too, to the same RADIUS box, without problems.

Have I missed somthing about setting up AAA ?

Grateful for any help!

Thanks

Pete Moore

darpotter · ‎10-20-2006

I always assumed command accounting was supported by TACACS+ only.

AFAIK there arent the required values defined for the cisco-av-pair to carry all the info that gets put into T+

Also, if you're using ACS to collect the accounting, it has a dedicated CSV report to hold the T+ cmd accounting.

Darran

moorep6cco · ‎10-20-2006

Thanks for responding, the docs seem to read like it works for RADIUS too, we are already running RADIUS accounting for VoIP using 'aaa accounting h323'

Can anyone confirm or deny this ?

darpotter · ‎10-20-2006

Even if IOS did support it, the format of any RADIUS cmd accounting will be inferior for a couple of reasons

1) The ACS TACACS+ reports are totally geared up for this with pre-defined columns for each T+ attrbute.

2) ACS has a dedicated cmd accounting report which splits out cmds from sessions

3) To package in RADIUS, IOS would have to create many cisco-av-pair VSA instances. In the RADIUS accounting logs these will all be compressed into a single column of the format

"attr1=value1;attr2=value2;..."

Depending on what you want to do with the data this format is quite restrictive.

My advice is to enable TACACS+

Darran