TACACS server and configuration changes

mulhollandm
Level 1

folks

we have a TACACS server used for authentication purposes but I would also like it to record any config changes made to our kit

is there a command set for this?

thanks to anyone taking the time and effort to reply


b.hsu
Level 5

Not sure if you can record config changes from the TACACS server. Check out the following link for basic TACACS configuration:

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080093c7c.shtml

Marvin Rhoads
Hall of Fame

TACACS is a AAA server (Authentication, Authorization, and Accounting) - i.e., loosely the "A" in the FCAPS network management model (Fault, Configuration, Accounting, Performance and Security - see http://www.iec.org/online/tutorials/ems/topic03.html for more).

What you seem to be asking for is Configuration Management - the "C". Cisco's product that targets that capability is the RME component of CiscoWorks LAN Management Solution (LMS).

If all you want is configuration diff detection and archiving, take a look at the open source RANCID tool. See http://www.shrubbery.net/rancid/ for an overview and download or http://www.networkcomputing.com/showArticle.jhtml?articleID=165701527 for a review.

many thanks for your replies folks

greatly appreciated

Michael

I believe that I understand your question a bit differently than the previous responses. If I am correct you are asking about the ability to record and report through TACACS about config changes that are made on the routers and switches in your network that currently use the TACACS server for authentication.

If your TACACS server is the Cisco ACS server then you can accomplish what you are asking using the accounting part of aaa. On the routers and switches configure accounting for commands. The syntax on routers is:

aaa accounting commands 15 default start-stop group tacacs+

The syntax on Catalyst switches for config commands is:

set accounting commands enable config stop-only tacacs+

If you want to see all privilege level commands use:

set accounting commands enable enable stop-only tacacs+

If you configure this the router or switch will send records to TACACS which will record config changes. We do this routinely on routers and switches at a customer site and it works well for us.

HTH

Rick
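
Added example, not part of the original thread: once command accounting as described in the answer above is enabled, the records on the TACACS+ server can be reduced to a "who changed what" report. The tab-separated record layout, device names and usernames below are constructed assumptions; real ACS or other server exports will differ and the parser must be adapted to them.

```python
from collections import defaultdict

# Constructed sample records (not from the thread). Assumed export layout:
# tab-separated timestamp, device, user, then TACACS+ attribute=value pairs.
SAMPLE = "\n".join([
    "2024-05-01 09:14:02\trtr1\talice\ttask_id=41\tpriv-lvl=15\tcmd=configure terminal <cr>",
    "2024-05-01 09:14:09\trtr1\talice\ttask_id=42\tpriv-lvl=15\tcmd=interface FastEthernet0/1 <cr>",
    "2024-05-01 09:14:15\trtr1\talice\ttask_id=43\tpriv-lvl=15\tcmd=shutdown <cr>",
    "2024-05-01 09:14:20\trtr1\tbob\ttask_id=44\tpriv-lvl=15\tcmd=show running-config <cr>",
    "2024-05-01 09:14:31\trtr1\talice\ttask_id=45\tpriv-lvl=15\tcmd=end <cr>",
    "2024-05-01 09:15:00\trtr1\talice\ttask_id=46\tpriv-lvl=15\tcmd=clear counters <cr>",
    "malformed line without tabs",
])


def parse_record(line):
    """Return (timestamp, device, user, command) or None if the line is unusable."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 4:
        return None
    ts, device, user = fields[:3]
    avs = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
    # Drop the trailing "<cr>" marker carried in the cmd attribute.
    cmd = avs.get("cmd", "").replace("<cr>", "").strip()
    return (ts, device, user, cmd) if cmd else None


def config_changes(text):
    """Collect commands each (device, user) issued inside configuration mode."""
    # Limitation: keyed by (device, user), so concurrent sessions of one user merge.
    in_config = set()
    changes = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ts, device, user, cmd = rec
        key = (device, user)
        if cmd.startswith("configure"):
            in_config.add(key)
        elif cmd == "end":
            in_config.discard(key)
        elif key in in_config:
            changes[key].append((ts, cmd))
    return dict(changes)


if __name__ == "__main__":
    print(config_changes(SAMPLE))
```

Leaving configuration mode with `exit` instead of `end` is not tracked here, so the report can over-include commands typed after such an exit.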
