RE: OT: Cisco ACS

From: Brian McGahan <bmcgahan_at_ine.com>
Date: Mon, 3 Oct 2011 21:29:45 -0500

For this you need to run TACACS+, *not* RADIUS. RADIUS supports only exec accounting, it doesn't support per-command accounting like TACACS+ does. Also unless someone manually changed the privilege level of a command on the router/switch, you only need to account for level 0, 1, and 15 commands. It doesn't hurt to add the accounting for 2 - 14, but it won't do anything unless someone reassigned a command to one of these levels.

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
 
Internetwork Expert, Inc.
http://www.INE.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of marc abel
Sent: Monday, October 03, 2011 8:32 PM
To: Jay McMickle
Cc: Asim Zafar; Cisco certification
Subject: Re: OT: Cisco ACS

You can also set up RANCID to email out all changes engineers make to configs, if you are looking for a free option.

-Marc

On Mon, Oct 3, 2011 at 8:11 PM, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> Changed subject line.
> This is exactly what ACS does with accounting.
> ASA commands (from memory, syntax may be off):
> aaa authentication group enable console TACACS LOCAL
> aaa accounting...
> aaa authorization...
> aaa-server protocol radius
> aaa-server host 1.1.1.1
> key mykey
>
> Router is similar, but you can source the interface and also add aaa to the vty, con, and aux ports. Google for results as this is a CCIE R&S study group and this is off topic.
>
> Good luck.
>
> Regards,
> Jay McMickle- CCNP,CCSP,CCDP
> Sent from my iPhone
> http://mycciepursuit.wordpress.com
>
>
> On Oct 3, 2011, at 7:14 PM, Asim Zafar <asim.mz_at_gmail.com> wrote:
>
>> Dear Experts,
>>
>>
>>
>> I want to record login activities, e.g. commands executed by users on
>> Cisco routers. Can Cisco ACS do this, and what configurations are
>> required on ACS and routers? If not, which software can do it?
>>
>>
>> --
>> Thanks & Regards,
>>
>> Asim Zafar
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
Received on Mon Oct 03 2011 - 21:29:45 ART
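
A Cisco IOS router configuration for the per-command TACACS+ accounting described in the top reply, added here as an illustration and not taken from any message in the thread. The server address 192.0.2.10, the shared key, the Loopback0 source interface and the level-7 reassignment are assumptions chosen for the example.

```cisco
! Added example: classic IOS syntax, placeholder values throughout.
aaa new-model
!
! ACS server reached over TACACS+ (192.0.2.10 and the key are placeholders).
tacacs-server host 192.0.2.10 key EXAMPLE-SHARED-SECRET
! Source AAA traffic from a stable address so ACS sees one client IP
! (Loopback0 is an assumption).
ip tacacs source-interface Loopback0
!
! Log in against ACS, fall back to the local user database if ACS is down.
aaa authentication login default group tacacs+ local
!
! Session start/stop records. This is the only accounting RADIUS could give.
aaa accounting exec default start-stop group tacacs+
!
! Per-command accounting for the three levels that hold commands by default.
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Levels 2-14 are empty until a command is reassigned. If someone has done
! so, as in this hypothetical move of "show running-config" to level 7 ...
privilege exec level 7 show running-config
! ... that command is only recorded when its level is accounted as well.
aaa accounting commands 7 default start-stop group tacacs+
```

Because every list uses the `default` method list, it applies to the console, aux and vty lines without per-line configuration. `show privilege` in a user's session shows the level they are running at.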

This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART