I have configured "aaa accounting commands 15 default start-stop group AAA" in cisco switch, but it'...

Bharat Sharma · ‎02-27-2019

Hi,

I have configured "aaa accounting commands 15 default start-stop group AAA" in Cisco 2960 switch & IOS 15. I have write the configuration, but when I check the switch configuration & the command which I configured in switch is not showing in switch configuration.

I have check the same in “show configuration | include aaa accounting commands” is not showing. Please help me the same.

Mark Malone · ‎02-27-2019

Hi
Here is some AAA config off 1 of my 2960s running v15 can be seen ok , have you turned on triple aaa yes ?
please post the full AAA config you have setup , below is a working example with names removed

#sh run | i aaa
aaa new-model
aaa group server tacacs+ xxxxxxxx
aaa group server radius xxxxxxxx
aaa authentication login default group xxxxxxxx local enable
aaa authentication enable default group xxxxxxxx enable
aaa authentication dot1x default group xxxxxxxx
aaa authorization exec default group xxxxxxxx local
aaa authorization network default group xxxxxxxx
aaa accounting update newinfo periodic 2880
aaa accounting dot1x default start-stop group xxxxxxxx
aaa accounting exec default start-stop group xxxxxxxx
aaa accounting commands 0 default start-stop group xxxxxxxx
aaa accounting commands 1 default start-stop group xxxxxxxx
aaa accounting commands 5 default start-stop group xxxxxxxx+
aaa accounting commands 15 default start-stop group xxxxxxxx
aaa accounting network default start-stop group xxxxxxxx
aaa accounting connection default start-stop group xxxxxxxx
aaa accounting system default start-stop group xxxxxxxx
aaa server radius dynamic-author
aaa session-id common
#sh ver | i 15
* 1 28 WS-C2960S-24TS-L 15.2(2)E8 C2960S-UNIVERSALK9-M

Bharat Sharma · ‎02-27-2019

Pls find below configuration of AAA, but it's not showing.

sh run | i aaa
aaa new-model
aaa group server radius AAA
aaa authentication fail-message ^CC Wrong Credentials ^C
aaa authentication password-prompt Password:
aaa authentication username-prompt Username:
aaa authentication login default group AAA local
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default group AAA local
aaa accounting exec default start-stop broadcast group AAA
aaa accounting network default start-stop group AAA
aaa accounting connection default start-stop group AAA
aaa accounting system default start-stop group AAA
aaa session-id common

Mark Malone · ‎02-27-2019

so it doesnt show in global config but when you do------- show run | i aaa------- it does ?

does it show up in---- show run all----- , the full running output ?

its a 2960 so there shouldn't be any EEM scripts hiding it

what privilege level are you when your logged in -----sh privilege

Bharat Sharma · ‎02-27-2019

No it's not showing in show run | i aaa & show run all.

What is EEM scripts ?

#sh privilege
Current privilege level is 15

Mark Malone · ‎02-27-2019

its scripting that would allow you to block certain outputs in show run , i use it in my routers to block extensive code i don't want to see in running config like below , i hide my menus

have you saved it when configured and then tried show run ?

you ahve the right level and it works on lanbase low license so should be showing

event manager applet MenuBlock
description Hide Menu And Alias Syntax From Running-Config Output
event cli pattern "show running-config[[ ]]*$" sync yes default 2000 maxrun 1200
action 111 cli command "enable"
action 112 cli command "show run | excl menu|alias"
action 113 puts "$_cli_result"
action 114 set _exit_status "0"
action 115 comment "End Script As Show Run Complete, Any Issue Check - Show event manager history events"
!

Mark Malone · ‎02-27-2019

also check the show startup file , if saving it didnt work for show run

Bharat Sharma · ‎02-28-2019

Yes I saved the configuration & checked, but it's not showing.

I check the startup configuration to sue below command, but it's not shjowing.

#show startup-config

Mark Malone · ‎02-28-2019

My next step would be change the IOS version then , theres no valid reason why its not showing if its taking the config fine in conf t mode , could be software related seems odd though as its standard syntax

Bharat Sharma · ‎02-28-2019

Hi Mark,

I have run the same command in Cisco 2960 Switch with IOS version 12 & 15, 3850 with IOS-WE version 03.06.06E, 6880 with IOS Version 15 & Cisco Router 2921 with IOS Version 15.

Please let me know which version is requir.

Mark Malone · ‎02-28-2019

Then something else is wrong im running 3.6.6 on 3850s and its working fine and v15 , AAA takes config no problem
can you post the show run off one of the effected switches and see if something else is causing this issue , cant have multiple versions of different ios effected running standard syntax , has to be the way is being done or something in config preventing it being added

Bharat Sharma · ‎03-05-2019

Hi Mark,

I am not able to share #show run off any switch, but I can share AAA configuratuion which we had done in switch.

aaa authentication fail-message ^CCCC Wrong Credentials ^C
aaa authentication password-prompt Password:
aaa authentication username-prompt Username:
aaa authentication login default group AAA local
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default group AAA local
aaa accounting exec default start-stop broadcast group AAA
aaa accounting network default start-stop group AAA
aaa accounting connection default start-stop group AAA
aaa accounting system default start-stop group AAA

LEADX · ‎12-04-2019

I have run into the same issue.

I am executing the following command in CLI:

aaa accounting commands 15 default start-stop group group1

However, it is not showing up in the running-config.

IOS Version 15.2(3r)E1, RELEASE SOFTWARE (fc1)

Does anyone know how to fix the issues?

Regards,

I have configured "aaa accounting commands 15 default start-stop group AAA" in cisco switch, but it's not showing running configuration