Problem in ACS 4.1 and user monitoring

Kamal:
Hi all, I have an ACS 4.1 and many routers. I set up the RADIUS protocol between my routers and ACS and now I can use it, but I need to configure the routers and ACS for this: if a user telnets to a router I can see all commands which he types in the telnet console. For example, if User1 authenticates and types "en" and the password and then types "show run", I can see all his actions in the ACS log. My router config is:

aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa session-id common
username poweruser privilege 15 password power
ip radius source-interface Fastethernet0/0
radius-server host 192.168.1.5 auth-port 1645 acct-port 1646 key test
radius-server directed-request
!

I selected all fields for all logs but I see only start and stop session. Could you help me?
Thanks
Kamal
ladino:
I would suggest switching from RADIUS to TACACS+. RADIUS is not as useful for router management. TACACS+ gives you more options and, in addition, control over which CLI commands can or cannot be executed as well.
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+
aaa authorization commands 10 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
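As an added example (editor's code, not part of the thread or of Cisco's tooling), the following Python check reads a saved IOS configuration and reports whether per-command authorization and accounting are configured for each privilege level and whether they point at TACACS+. Run against the two configurations in this thread (embedded below as sample input), it shows why the first post's RADIUS-only config produced nothing but exec start/stop records. The function names and the privilege-level set {1, 10, 15} are assumptions taken from the reply's config, not a Cisco or ACS requirement.

```python
import re
from typing import Dict, List, Set

# Constructed sample inputs: the RADIUS-only config from the first post and the
# TACACS+ config from the reply, both copied from this thread.
RADIUS_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa session-id common
"""

TACACS_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+
aaa authorization commands 10 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

# Privilege levels to check (assumption: the levels used in the reply's config).
# 1 = user EXEC, 15 = privileged EXEC, 10 = a custom intermediate level.
EXPECTED_LEVELS: Set[int] = {1, 10, 15}

_CMD_ACCT = re.compile(r"^aaa accounting commands (\d+) (\S+) (start-stop|stop-only|none)\s+(.*)$")
_CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+)\s+(.*)$")


def parse_command_aaa(config: str) -> Dict[str, Dict[int, str]]:
    """Collect per-command authorization and accounting lines, keyed by privilege level.

    The value is the method list text, e.g. 'group tacacs+'."""
    result: Dict[str, Dict[int, str]] = {"authorization": {}, "accounting": {}}
    for raw in config.splitlines():
        line = raw.strip()
        m = _CMD_ACCT.match(line)
        if m:
            result["accounting"][int(m.group(1))] = m.group(4).strip()
            continue
        m = _CMD_AUTHZ.match(line)
        if m:
            result["authorization"][int(m.group(1))] = m.group(3).strip()
    return result


def audit_command_accounting(config: str, levels: Set[int] = EXPECTED_LEVELS) -> List[str]:
    """Return findings explaining why typed commands would not reach the AAA server.

    An empty list means every expected level has TACACS+ command accounting
    and command authorization configured."""
    parsed = parse_command_aaa(config)
    findings: List[str] = []
    if "aaa new-model" not in config:
        findings.append("aaa new-model missing: AAA is not enabled at all")
    for level in sorted(levels):
        acct = parsed["accounting"].get(level)
        if acct is None:
            findings.append(
                f"no 'aaa accounting commands {level}': commands at level {level} are never sent to the server"
            )
        elif "tacacs+" not in acct:
            findings.append(f"command accounting at level {level} uses '{acct}', not TACACS+")
        if level not in parsed["authorization"]:
            findings.append(
                f"no 'aaa authorization commands {level}': server cannot permit or deny commands at level {level}"
            )
    return findings


if __name__ == "__main__":
    for name, cfg in (("RADIUS config", RADIUS_CONFIG), ("TACACS+ config", TACACS_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_command_accounting(cfg) or ["OK: per-command AAA present at all expected levels"]:
            print("  " + finding)
```

The check flags a non-TACACS+ method list deliberately: on IOS, `aaa accounting commands` is only supported with TACACS+, so a RADIUS method there would never deliver per-command records to ACS, which matches what the thread concludes.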
aryoba:
As ladino mentioned, what you are trying to achieve is part of TACACS+ functionality. Therefore you should deploy TACACS+ instead of RADIUS. Check out more info on TACACS+ and RADIUS in the following FAQ link.
Cisco Forum FAQ » Securing access to routers with AAA commands
Kamal:
Thank you, I set it and changed the protocol from RADIUS to TACACS+, and I can see start and stop connection accounting in the ACS report log, but I cannot see the commands which I input in the router console, for example "show run" etc. How can I see those? And which item do I set in ACS 4.1 (I added cmd and cmd-arg in the TACACS report)?
Best Regards
Kamal
aryoba:
Did you click the correct GUI button? Try this:
Reports and Activity - TACACS Administration - TACACS Administration active.csv
Kamal:
Hi all, many thanks. I changed my ACS server and reinstalled it, and set it as you told me, from RADIUS to TACACS+; that resolved my problem.
Best Regards
Kamal
Good to hear that you got it working. However, you did not need to reinstall ACS in order to switch from RADIUS to TACACS+. You could have simply made the change under Network Configuration for the AAA client authentication.