kamal1352

join:2008-04-27
ir

Problem in ACS4.1 and user monitoring

Hi all,
I have an ACS 4.1 and many routers. I set up the RADIUS protocol between my routers and ACS and now I can use it, but I need to configure the routers and ACS for this:
If a user telnets to a router, I can see all the commands which he types in the telnet console.
For example, if User1 authenticates and types en and the password and then types show run, I can see all his actions in the ACS log. My router config is:

aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa session-id common
username poweruser privilege 15 password power
ip radius source-interface Fastethernet0/0
radius-server host 192.168.1.5 auth-port 1645 acct-port 1646 key test
radius-server directed-request
!
and I select all fields for all logs, but I see only start and stop session records.
Could you help me?
Thanks
Kamal


ladino

join:2001-02-24
USA
kudos:1


I would suggest switching from RADIUS to TACACS+. RADIUS is not as useful for router management. TACACS+ gives you more options and, in addition, control over which CLI commands can or cannot be executed as well.

!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa authorization exec default group tacacs+ local 
aaa authorization commands 1 default group tacacs+ 
aaa authorization commands 10 default group tacacs+ 
aaa authorization commands 15 default group tacacs+ 
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
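To make the difference between the two configs concrete, here is an added audit script (not code from the thread or from Cisco) that parses the "aaa authentication/authorization/accounting" lines of an IOS config snippet and reports which privilege levels have per-command accounting. It assumes the simplified IOS grammar seen in the two snippets posted above (a method list name followed by methods such as "group tacacs+" or "local"; named lists are accepted but not specially handled), and both sample configs are constructed from those snippets. Run against the original RADIUS-only config it reports that no commands will ever be accounted, only exec start/stop; run against the TACACS+ config it also flags the "none" fallback on enable authentication, which is something to be aware of when the TACACS+ server is unreachable.

```python
"""Audit Cisco IOS AAA config for per-command accounting coverage.

Added example for this thread (not the poster's or Cisco's code). It parses
'aaa authentication/authorization/accounting' lines and reports whether CLI
commands will reach the AAA server as accounting records. The two configs
below are constructed from the snippets posted in the thread.
"""

RADIUS_ONLY_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa session-id common
"""

TACACS_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+
aaa authorization commands 10 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

# Accounting record keywords that may follow the method-list name.
ACCOUNTING_RECORD_TYPES = {"start-stop", "stop-only", "none", "wait-start"}


def _split_methods(tokens):
    """Turn ['group', 'tacacs+', 'local'] into ['group tacacs+', 'local']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append(f"group {tokens[i + 1]}")
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse_aaa(config):
    """Return one dict per 'aaa authentication|authorization|accounting' line."""
    entries = []
    for raw in config.splitlines():
        parts = raw.strip().split()
        if len(parts) < 4 or parts[0] != "aaa":
            continue  # skips 'aaa new-model', 'aaa session-id common', etc.
        kind, service = parts[1], parts[2]
        if kind not in ("authentication", "authorization", "accounting"):
            continue
        rest, level = parts[3:], None
        if service == "commands":            # 'commands <level> <list> ...'
            level, rest = int(rest[0]), rest[1:]
        list_name, rest = rest[0], rest[1:]
        record = None
        if kind == "accounting" and rest and rest[0] in ACCOUNTING_RECORD_TYPES:
            record, rest = rest[0], rest[1:]
        entries.append({"kind": kind, "service": service, "level": level,
                        "list": list_name, "record": record,
                        "methods": _split_methods(rest)})
    return entries


def audit(config, levels=(1, 15)):
    """Report per-command accounting coverage and why command visibility
    on the AAA server might still be missing."""
    entries = parse_aaa(config)
    acct_levels = {e["level"] for e in entries
                   if e["kind"] == "accounting" and e["service"] == "commands"}
    authz_levels = {e["level"] for e in entries
                    if e["kind"] == "authorization" and e["service"] == "commands"}
    issues = []
    for lvl in levels:
        if lvl not in acct_levels:
            issues.append(f"no 'aaa accounting commands {lvl}': commands typed at "
                          f"privilege {lvl} produce no accounting records, only "
                          "exec start/stop")
    for e in entries:
        # IOS supports per-command authorization/accounting only over TACACS+.
        if e["service"] == "commands" and any("radius" in m for m in e["methods"]):
            issues.append(f"command {e['kind']} level {e['level']} uses RADIUS; "
                          "per-command AAA requires TACACS+")
        # A final method of 'none' means no credential when the server is down.
        if e["kind"] == "authentication" and e["methods"] and e["methods"][-1] == "none":
            issues.append(f"'{e['service']}' authentication falls back to 'none' "
                          "if the TACACS+ server is unreachable")
    return {"command_accounting_levels": acct_levels,
            "command_authorization_levels": authz_levels, "issues": issues}


if __name__ == "__main__":
    for name, cfg in (("RADIUS-only (original post)", RADIUS_ONLY_CONFIG),
                      ("TACACS+ (suggested reply)", TACACS_CONFIG)):
        result = audit(cfg)
        print(f"== {name}: command accounting for levels "
              f"{sorted(result['command_accounting_levels'])}")
        for issue in result["issues"]:
            print("  -", issue)
```

The script checks privilege levels 1 and 15 by default; pass `levels=(1, 10, 15)` if you also use a custom level as in the reply above.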
 

aryoba
Premium,MVM
join:2002-08-22
kudos:4

As ladino mentioned, what you are trying to achieve is part of TACACS+ functionality. Therefore you should deploy TACACS+ instead of RADIUS. Check out more info on TACACS+ and RADIUS in the following FAQ link.

»Cisco Forum FAQ »Securing access to routers with AAA commands


kamal1352

join:2008-04-27
ir

Thank you. I set it up and changed the protocol from RADIUS to TACACS+, and I can see start and stop connection accounting in the ACS report log, but I cannot see the commands which I input in the router console, for example show run etc.
How can I see those? And which item do I set in ACS 4.1 (I added cmd and cmd-arg in the TACACS report)?
Best Regards
Kamal


aryoba
Premium,MVM
join:2002-08-22
kudos:4

Did you click the correct GUI button?

Try this

Reports and Activity - TACACS Administration - TACACS Administration active.csv


kamal1352

join:2008-04-27
ir

Hi all
Many thanks. I changed my ACS server and reinstalled it, and set it as you told me, RADIUS to TACACS+; then my problem was resolved.
Best Regards
Kamal


ladino

join:2001-02-24
USA
kudos:1

Good to hear that you got it working. However, you did not need to reinstall ACS in order to switch from RADIUS to TACACS+. You could have simply made the change under the Network Configuration for the AAA client authentication.