RE: Cisco ACS 4.2 and ASA from Ryan West on 2010-05-18 (Ccielab archives 05/2010)

From: Ryan West <rwest_at_zyedge.com>
Date: Tue, 18 May 2010 12:39:38 +0000

Shaughn,

I think you want 'aaa accounting command console TACACS+', but I'm not sure
how that will work without using command authorization as well. I typically
do not set this, as ACS is already logging via the command authorization
section.

HTH,

-ryan

From: Shaughn Smith [mailto:maniac.smg_at_gmail.com]
Sent: Tuesday, May 18, 2010 8:00 AM
To: Ryan West
Cc: Cisco certification
Subject: Re: Cisco ACS 4.2 and ASA

AAa configuration on the ASA

xxxxxxx# sh running-config | include aaa
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host xxx.xxx.xxx.xxx
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa accounting enable console TACACS+

On Tue, May 18, 2010 at 1:19 PM, Shaughn Smith
<maniac.smg_at_gmail.com<mailto:maniac.smg_at_gmail.com>> wrote:
Should have clarified, I can see entries in the passed and failed logs.

AAA config coming up
On Tue, May 18, 2010 at 1:18 PM, Ryan West
<rwest_at_zyedge.com<mailto:rwest_at_zyedge.com>> wrote:
Can you post your AAA config? Do you see entries in the passed and
failed auth logs?

Sent from handheld.

On May 18, 2010, at 7:01 AM, "Shaughn Smith"
<maniac.smg_at_gmail.com<mailto:maniac.smg_at_gmail.com>>
wrote:

> Hi All
>
> I have a very strange problem. I am running Cisco ASC 4.2 as well as
> a 5540
> ASA, I have setup TACACS+ auth to the ACS which is working 100%.
> However
> when i try and view the reports for Tacacs+ accounting the reports are
> blank. Same goes for Tacacs+ Administration.
>
> I have seen there were some bugs with ACS 4.1 but havent been able
> to find
> any issues relating to 4.2, anyone here seen this before ?
>
> Thanks
>
> CCIE # 23962 (SP)
>
>
> Blogs and organic groups at http://www.ccie.net<http://www.ccie.net/>
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue May 18 2010 - 12:39:38 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART