Hi Adam
Regarding this command that you have provided, I have some doubts.
aaa accounting connection default start-stop group tacacs+
In the Cisco doc, it states:
connection
Provides information about all outbound connections made from the
network access server, such as Telnet, local-area transport (LAT),
TN3270, packet assembler/disassembler (PAD), and rlogin.
What exactly does this command do? Is it only applicable to Telnet connections?
What about SSH?
Thank you.
--- On Tue, 10/4/11, Adam Booth <adam.booth_at_gmail.com> wrote:
From: Adam Booth <adam.booth_at_gmail.com>
Subject: Re: cisco ACS
To: "Asim Zafar" <asim.mz_at_gmail.com>
Cc: "Cisco certification" <ccielab_at_groupstudy.com>
Date: Tuesday, October 4, 2011, 8:43 AM
Hi Asim,
Assuming you have your ACS and network elements already working for
authentication/authorization already running and have your ACS with
accounting (and are using tacacs), you can make your routers and
switches support command accounting without a lot of effort.
I believe this is what you may want to add to the configs:
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 3 default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 6 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 8 default start-stop group tacacs+
aaa accounting commands 9 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 11 default start-stop group tacacs+
aaa accounting commands 12 default start-stop group tacacs+
aaa accounting commands 13 default start-stop group tacacs+
aaa accounting commands 14 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
In most situations you probably only need to account for commands 1 and
commands 15, but specifying everything will capture all priv levels.
Cheers,
Adam
On Tue, Oct 4, 2011 at 10:14 AM, Asim Zafar <asim.mz_at_gmail.com> wrote:
> Dear Experts,
>
>
>
> I want to record login activities, e.g. commands executed by users on Cisco
> routers. Can Cisco ACS do this, and what configurations are required on
> ACS and routers? If not, then which software can do it?
>
>
> --
> Thanks & Regards,
>
> Asim Zafar
>
>
> Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 04 2011 - 08:19:57 ART
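
Added example (not part of the original thread or of any Cisco tooling): a small audit that reads a saved IOS configuration and reports which privilege levels and session types have no accounting method list sending to TACACS+, using the line format quoted in the thread. The names audit_accounting and SAMPLE_CONFIG are hypothetical, and the sample configuration is constructed.

```python
import re

# Accounting method-list lines in the form used in the thread, e.g.
#   aaa accounting commands 15 default start-stop group tacacs+
AAA_RE = re.compile(
    r"^\s*aaa accounting (exec|connection|commands (\d+)) (\S+) (\S+)(.*)$"
)


def audit_accounting(config_text, list_name="default", group="tacacs+"):
    """Report which privilege levels and session types lack accounting."""
    levels, types = set(), set()
    for line in config_text.splitlines():
        m = AAA_RE.match(line)
        if not m:
            continue
        kind, level, name, record, methods = m.groups()
        words = methods.split()
        # Skip other method lists and lines whose record type is "none".
        if name != list_name or record == "none":
            continue
        # Require "group <group>" among the methods (assumed server group).
        if ("group", group) not in zip(words, words[1:]):
            continue
        if level is not None:
            levels.add(int(level))
        else:
            types.add(kind)
    return {
        "missing_command_levels": [n for n in range(16) if n not in levels],
        "missing_types": [t for t in ("exec", "connection") if t not in types],
    }


# Constructed sample: only levels 1 and 15, and no connection accounting.
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

if __name__ == "__main__":
    print(audit_accounting(SAMPLE_CONFIG))
```

Run against a configuration that contains every line from the message above, both lists come back empty.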