Is there a way to send ALL commands, not just exec or certain priv levels to your TACACS servers through accounting? I am not seeing any accounting logs in our ISE 2.3 server and don't know where I am missing something - whether in the router config or in ISE itself. Authentication and Authorization are working fine... just nothing for accounting. Here is my overboard accounting config...
aaa accounting exec default start-stop group tacacs+ - This should only send priv exec commands... right?
aaa accounting commands 0 default start-stop group tacacs+ - anything above priv 0 should be sent?
aaa accounting commands 1 default start-stop group tacacs+ - Same as above but 1??
aaa accounting commands 15 default start-stop group tacacs+ - Same as above but 15??
Been awhile since we have done TACACS, we have been an NPS shop for a bit...
No comments:
Post a Comment