Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1856
Views
10
Helpful
7
Replies

TACACS+ Accounting Question

Go to solution
koguann1409
Level 1
Level 1

‎09-03-2012 07:18 AM - edited ‎03-10-2019 07:29 PM

Dear all,


I would like to know TACACS+ accounting option in cisco.

We deployed AAA machine which is Avenda in our operation network and able to capture accounting commands ONLY for valid commands. Does the TACACS+ also can capture invalid commands and send to Avenda (Our AAA machine) ?

Please help to clarify.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎09-03-2012 12:31 PM

Hi,

This is something device specific. In case of IOS it forwards only valid commands to tacacs server. Example- If we issue command "show user" it will log it and if we issue command "show dog" it will not be logged.

Hope that helps!

Regards,

~JG

Do rate helpful posts

View solution in original post

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Jagdeep Gambhir

‎09-03-2012 10:44 PM

JG:
Thanks for the info. I didn't know that unknown commands are not being logged with IOS.

Useful info though.

Thanks.

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"

View solution in original post

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to koguann1409

‎09-09-2012 08:15 AM

No, if the command is invalid it will not be authorized so no accounting will be performed. Keep in mind that accounting is the step that is performed after authorization. If a command is not authorized then accounting can not take place.

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎09-03-2012 12:31 PM

Hi,

This is something device specific. In case of IOS it forwards only valid commands to tacacs server. Example- If we issue command "show user" it will log it and if we issue command "show dog" it will not be logged.

Hope that helps!

Regards,

~JG

Do rate helpful posts

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Jagdeep Gambhir

‎09-03-2012 10:44 PM

JG:
Thanks for the info. I didn't know that unknown commands are not being logged with IOS.

Useful info though.

Thanks.

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
koguann1409
Level 1
Level 1
In response to Jagdeep Gambhir

‎09-08-2012 11:43 PM

Hi Jagdeep,

Thanks for the useful info. Understood that the IOS version does not sent invalid command. Can i know how about the IOS-XR? Because we are using that particular as well.

Thanks

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to koguann1409

‎09-08-2012 11:55 PM

Ios-xr is a little different, the software will see which task group the user is mapped to. If the command falls under the task umbrella of the user then accounting will be permitted. Also this works the same for command authorization.

0 Helpful

Go to solution
koguann1409
Level 1
Level 1
In response to Tarik Admani

‎09-09-2012 08:10 AM

Hi Thanks, but does it captured the invalid commands and send to accounting AAA server?

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to koguann1409

‎09-09-2012 08:15 AM

No, if the command is invalid it will not be authorized so no accounting will be performed. Keep in mind that accounting is the step that is performed after authorization. If a command is not authorized then accounting can not take place.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
koguann1409
Level 1
Level 1
In response to Tarik Admani

‎09-09-2012 08:41 AM

Excellent therothical reply! Great man!

0 Helpful
Customers Also Viewed These Support Documents