cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1152
Views
0
Helpful
4
Replies

TACACS+ Problems

r.mashruwala
Community Member

I am facing following problems :

1. Logged in users is not showing any user list

2. TACACS+ Accounting is not working. No log file generated though there is activity.

We have installed

TACACS+ (ACS version 3.0)

Installed on NT 4.00 (Build 1381)

Service pack 6 (128 bit high encryption)

Internet Explorer 5.5.50.4807.2300

4 Replies 4

yusuff
Cisco Employee
Cisco Employee

Go to System Configuration > Logging and make sure if the CSV TACACS+ Accounting is enabled.

Other than that, hope you have configured AAA accounting on the router correctly, is yes, then do 'debug accounting' on the router and see if the accounting packets are being sent to the ACS, is not, then your problem is on the router.

HTH

R/Yusuf

Thnx Yusuf for prompt reply.

CSV TACACS + Accounting is enabled in logging on ACS.

Router command is added as "aaa accounting commands 15 default stop-only group tacacs+ "

Wht abt loggin user list also it does not display.

that explains then

aaa accounting commands 15 default stop-only group tacacs+

is not enough to display logged-in users on ACS, you need to enable following

(if users are logged-in on the router)

aaa accounting exec default start-stop|stop-only group tacacs+

(if users are dialin users using PPP etc)

aaa accounting network default start-stop|stop-only group tacacs+

http://www.cisco.com/warp/public/480/csntfaq.html#Q28

HTH

R/Yusuf

aaa accounting started working. Thanks

But logged in users list still problem. checked the url given by u.

For authentication packet I hv checked sysytem configuration -->Logging -->CSV passed Authentication -->logged attributes are NAS-Port & NAS-IP Address alongwith other three.

For accounting start & stop packet, I hv checked sysytem configuration -->Logging -->CSV TACACS+ Accounting -->logged attributes are NAS-Portname & NAS-IP-Address but session-id & framed-ip-address are not there.