Re: Tracking the executed commands

kendo.igor · ‎07-13-2007

We are using Microsoft IAS Radius server for authentication to a large number of Cisco routers in our organization. Is it possible to log the commands that are entered on routers (Whether console or telnet session) for audit purposes? If so, is there a document on how to do implement it?

parmsing · ‎07-13-2007

Hi,

That is very much possible but I am not sure if IAS logging supports it. Here are the commands we need to configure on IOS devcie.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+/Radius

aaa accounting commands 1 default start-stop group tacacs+/Radius

aaa accounting commands 15 default start-stop group tacacs+/Radius

HTH

Parminder

Premdeep Banga · ‎07-13-2007

Unfortunately its not possible using IAS, as it only supports Radius protocol.

And you are looking for is covered under TACACS+ protocol (Cisco ACS)

Regards,

Prem

parmsing · ‎07-13-2007

Hi,

My apologies for the incorrect information, I recreated this issue and Prem is correct, we cannot configure radius accounting for the commands. Tacacs is the only option available for the command accounting.

Thanks

Parminder

Collin Clark · ‎07-13-2007

Check this out.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f73.html

HTH and please rate.

Richard Burts · ‎07-14-2007

Collin

This is a very neat feature that I was not aware of. I believe it deserves the 5 rating that I gave it.

HTH

Rick

HTH

Rick

royalblues · ‎07-14-2007

Indeed a very good feature.

rated :-)

Narayan

nspasov · ‎07-10-2013

The link no longer seems to be valid. What is the neat/good feature that you guys are talking about ??