TACACS Server Accounting
After authentication, the user can configure accounting to measure the resources that the user consumes during access.
Authenticating Device
 
#configure terminal
Enter configure mode.
(config)#feature tacacs+ vrf management
Enable the TACACS+ feature for the management VRF.
(config)#feature tacacs+
Enable the TACACS+ feature for the default VRF.
(config)#tacacs-server host 10.16.19.2 vrf management key testing123
Specify the IPv4 address of the TACACS server and the shared key for the management VRF. The same key should be present in the server configuration file.
(config)#tacacs-server login host 10.16.19.2 key testing123
Specify the IPv4 address of the TACACS server and the shared key for the default VRF. The same key should be present in the server configuration file.
(config)#aaa accounting default vrf management group tacacs+
Enable accounting for the TACACS server configured for the management VRF.
(config)#aaa accounting default group tacacs+
Enable accounting for the TACACS server configured for the default VRF.
(config)#exit
Exit configure mode.
#clear tacacs-server counters vrf management
Clear the TACACS server counters for the management VRF.
#clear tacacs-server counters vrf all
Clear the TACACS server counters for the management and default VRFs.
#clear tacacs-server counters
Clear the TACACS server counters for the default VRF.
To verify the TACACS accounting process, connect from the host to the client over SSH or Telnet, logging in as the user created on the TACACS server with that user's TACACS server password, and check whether the client validates the user with the corresponding username and password.
Validation Commands
show tacacs-server, show aaa accounting
#show aaa accounting vrf management
VRF: management
default: group tacacs+
#
 
#show aaa accounting vrf all
VRF: management
default: group tacacs+
 
VRF: default
default: group tacacs+
 
#show aaa accounting
VRF: default
default: group tacacs+
#
 
#show running-config aaa
aaa authentication login default vrf management group G1
aaa accounting default vrf management group tacacs+
aaa group server tacacs+ G1 vrf management
server Tacacs-Server-1 vrf management
server 10.12.17.11 vrf management
 
aaa authentication login default group tacacs+
aaa accounting default group tacacs+
aaa group server tacacs+ G1
server Tacacs-Server-1
server 100.0.0.1
Sample TACACS Config File Contents
#tacacs configuration file
#set the key
 
key = "testing123"
accounting file = /var/log/tac_acc.log
 
user = test1 {
    default service = permit
    login = cleartext "12345"
}

group = netadmin {
    service = ppp protocol = ip {
        priv-lvl = 1
    }
}

user = test2 {
    default service = permit
    login = cleartext "12345"
    member = netadmin
}

user = test3 {
    default service = permit
    login = cleartext "12345"
    service = ppp protocol = ip {
        priv-lvl = 15
    }
}
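The following check is an added example, not part of the OcNOS guide or of the TACACS server software: a small Python script that scans a server configuration in the format of the sample file above and reports cleartext login passwords, default service = permit, priv-lvl = 15 and a short shared key, so that lab values like these are caught before the file is used in production. The rule names, the audit function and the 16-character key threshold are assumptions chosen for illustration.

```python
import re

MIN_KEY_LEN = 16  # assumed policy threshold, not a vendor or server default

CHECKS = [  # (rule name, pattern matched against one config line)
    ("cleartext-login", re.compile(r"login\s*=\s*cleartext\b")),
    ("default-permit", re.compile(r"default\s+service\s*=\s*permit\b")),
    ("priv-lvl-15", re.compile(r"priv-lvl\s*=\s*15\b")),
]

# Constructed sample: an excerpt of the sample file on this page.
SAMPLE = """\
key = "testing123"
accounting file = /var/log/tac_acc.log
user = test1 {
    default service = permit
    login = cleartext "12345"
}
user = test3 {
    default service = permit
    login = cleartext "12345"
    service = ppp protocol = ip {
        priv-lvl = 15
    }
}
"""

def audit(text):
    """Return (line_no, scope, rule) for each risky setting found."""
    findings, scope, depth = [], "global", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        stanza = re.match(r"(user|group)\s*=\s*(\S+)\s*\{", line)
        if stanza and depth == 0:  # entering a top-level user/group block
            scope = f"{stanza.group(1)} {stanza.group(2)}"
        key = re.match(r'key\s*=\s*"?([^"]*)"?$', line)
        if key and depth == 0 and len(key.group(1)) < MIN_KEY_LEN:
            findings.append((no, scope, "short-shared-key"))
        findings += [(no, scope, rule) for rule, pat in CHECKS if pat.search(line)]
        depth += line.count("{") - line.count("}")  # track brace nesting
        if depth == 0:
            scope = "global"
    return findings

if __name__ == "__main__":
    for no, scope, rule in audit(SAMPLE):
        print(f"line {no}: [{scope}] {rule}")
```

Each finding carries the line number and the user or group stanza it belongs to, so the output can be reviewed against the configuration file directly.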
Last modified date: 07-14-2023