Re: cisco ACS from Adam Booth on 2011-10-03 (Ccielab archives 10/2011)

From: Adam Booth <adam.booth_at_gmail.com>
Date: Tue, 4 Oct 2011 10:43:51 +1000

Hi Asim,

Assuming you have your ACS and network elements already working for
authentication/authorization already running and have your ACS with
accounting (and are are using tacacs) , you can make your routers and
switches support command accounting without a lot of effort.

I believe this is what you may want to add to the configs:

aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 3 default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 6 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 8 default start-stop group tacacs+
aaa accounting commands 9 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 11 default start-stop group tacacs+
aaa accounting commands 12 default start-stop group tacacs+
aaa accounting commands 13 default start-stop group tacacs+
aaa accounting commands 14 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+

In most situations you probably only need to account for commands 1 and
commands 15 but specifying everything will capture all priv levels

Cheers,
Adam

On Tue, Oct 4, 2011 at 10:14 AM, Asim Zafar <asim.mz_at_gmail.com> wrote:

> Dear Experts,
>
>
>
> i want to record login activities e.g commands executed by users on Cisco
> routers. Can Cisco ACS can do this and what configurations are required on
> ACS and routers. if not then which softwares can do it.
>
>
> --
> Thanks & Regards,
>
> Asim Zafar
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 04 2011 - 10:43:51 ART

This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART