Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1699
Views
0
Helpful
2
Replies

Radius Accounting on switches

carl_townshend
Spotlight
Spotlight

‎12-06-2019 03:54 AM

Hi All

Can anyone tell me if it is possible for Windows NPS radius server to log commands that have been done via aaa accounting on the switches?

I have added the commands to the switch 

aaa accounting exec default start-stop group NPS

aaa accounting commands 15 default start-stop group NPS

would this be enough for the Windows radius to log the commands?

cheers

Labels:
0 Helpful
2 Replies 2

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-06-2019 08:14 AM

Hi,

Have a look at this document. It has the config for the NPS and also the switch.

 

https://www.freeccnaworkbook.com/blog/ccna-security/cisco-ios-radius-authentication-with-windows-server-2012-nps

HTH

0 Helpful

andrew.butterworth
Level 7
Level 7

‎12-06-2019 08:42 AM

I don't think this works with Radius.  I have just enabled some debugging and tried adding accounting to a Radius server group on a Catalyst 3650 switch and get the following message on the console:

 

005519: Dec  6 16:38:42.746 GMT: %AAAA-4-SERVNOTACPLUS: The server-group "Radius-Servers" is not a tacacs+ server group. Please define "Radius-Servers" as a tacacs+ server group.
005520: Dec  6 16:38:42.747 GMT: %PARSE_RC-4-PRC_NON_COMPLIANCE: `aaa accounting commands 15 default start-stop group Radius-Servers '

 

And it doesn't accept the commands - or at least it doesn't add them to the configuration.

 

HTH
Andy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card