Cisco AAA/Identity/Nac :: 3500 / Accounting / Too Many Records
May 26, 2013
Following best practices on cisco documentations we did set aaa acounting update periodic 5 with 250 switches in the deployment every single switch is geneating and sending 9.990 acct records this is too much the new testing parameterswe are using is aaa acounting update newinfo periodic 15 and this lowered accts by 2/3 (3500) moreover from switch monitoring the most accts records sent by it are related to the trunk-port any suggestion to mitigate this informations storm rather than raising the 15 min period to higher values?are this records generating from the trunk port normal?
View 1 Replies
ADVERTISEMENT
May 26, 2011
I do not see any start records in Radius Accounting reports but do see only Stop records ?
btw I am running ACS 5.2
View 2 Replies
View Related
Nov 29, 2011
I want to export the ACS local user's records.Then import to other ACS5.3 server.But the export file not the user's password record.I cannot import it well....
View 1 Replies
View Related
Sep 12, 2012
I've got an issue with my ACS 5.1 implementation not updating any of the RADIUS or TACACS authz, authc, or acct records. Nothing is showing up, even though i've logged in via TACACS to several devices, and there are numerous wireless devices authenticated and online via RADIUS right now.
View 3 Replies
View Related
Feb 6, 2013
How to configure ACS 5.1 local administrator accounting and where have to check the accounting log . suppose administrator logged in to ACS and created some user or delete users where will see the log , which user have they created or deleted.
View 1 Replies
View Related
Aug 23, 2011
ACE is configured to point accounting to ACS servers but ACS servers are not seeing all the accounting logs. I can only see accounting logs from ACE for watchdog, start and stop.
View 5 Replies
View Related
May 14, 2013
I am setting up reports for tacacs accounting on ACS 5.3. However, accounting only seems to work after entering enable mode on the switch. I would like to see all commands, even the enable command when in privlage 1 mode.
View 2 Replies
View Related
May 26, 2011
is command accounting for Radius supported on ACS 5.2 ? provided vendor's radius implementation supports this capability.
View 1 Replies
View Related
Apr 10, 2013
i changed from ACS 4 to ACS 5.2. Everything works fine but i have authentication failed in the Radius accouting reports every time when users connect through ASA or Juniper into our network. Juniper amd ASA only send accounting informations to ACS. The users are not configured on the ACS, authentication is done via external LDAP. So my question is why do o see authentication error on ACS because Juniper and ASA only send accounting packets ?
View 2 Replies
View Related
Jul 2, 2012
I have an error when i try to generate radius accounting.
View 4 Replies
View Related
Aug 30, 2011
I've set up my 5540 ASA to accounting commands on TACACS+.Every moviment done through ASDM is logged on TACACS+ by this form: cmd=perfmon interval 10.What does that mean?Why doesn't it record the exaclty command I'd issued?
View 1 Replies
View Related
Jul 31, 2012
on the dashboard of the "Monitoring & Report Viewer" I see a lot of system alarms related to the database.The explanation of the alarm says to look at the Collector logs for the details.
View 3 Replies
View Related
Nov 28, 2012
Whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting.
View 1 Replies
View Related
Oct 5, 2011
How to delete the accounting/authorization Reports or logs ?
View 2 Replies
View Related
Aug 7, 2011
We have Cisco ACS 4.2 in our network and the accounting is done for 750-1000 devices and only for level priv-15.If i want to enable accounting for all levels from priv-1 to 15. All commands executed in devices are sent to ACS. Does the ACS can that much sessions from those many devices?Am also planning to configure acs remote agent to store all the accounting history.
View 1 Replies
View Related
Feb 6, 2011
I have a problem trying to export logs to the Cisco ACS View from my ACS 4.2In the document [URL] Cisco states that one of the mandatory attributes for export to work is "Network Access Profile Name" under TACACS+ Accounting (under ACS 4.2 System configuration -> Logging settings). Well, I don't have this mandatory attribute listed in ACS under TACACS+ accounting log configuration. I tried to ignore this attribute, but then ACS View complains about null value for the attribute mentioned above.Is this some bug in ACS View or ACS or maybe I simply missing something?
View 1 Replies
View Related
Dec 8, 2011
accounting in ACS 5.3. When I setup accounting on WLC 440x / 5508 ACS takes them as an authentication request and fail.
Here are some logs what I see in acsview:
Dec 9,11 6:05:11.783 PM
Radius authentication failed for USER: navrka2 MAC: a.b.c.d AUTHTYPE: Radius authentication failed
ACS Session ID:
dc2aaa1v/112555963/420
Audit Session ID:
0a9a01d7000001fd4ee23a3d
Tunnel Details:
[code]...
View 4 Replies
View Related
Nov 1, 2012
Would like to check out some client side setting on Wireless 802.1x authenticaiton.
Network setup is using
- Cisco WLC 7.2 and AP3500,
- ACS 5.3
- Microsoft Windows server 2008 hosting AD and CA services (same machine)
- Client OS is Microsoft Window 7.
Authentication mehtod would use PEAP-MSChap V2 Combo.
My question :
01. In AD environment, should ACS 5.3 be part of the domain computer?
02. To have secure connectivity, IF the security policy force client to check "Validate server certificate", which certificate it is look for? Is it ACS's identity certifate, that require CA server to sign on the CSR?
03. Back to client side, should the client also need to import this certificate in trusted root certification authorities?
Or the client will trust ACS identity certificate against the root CA certificate store at client's trusted root certification authorities, where they have the identical issuer?
04. Extra question: If no CA environment, would it be sufficient simply export ACS self-signed certificate and import to client computer, and it's trusted?
View 3 Replies
View Related
May 22, 2012
Can anyone recomend a CDR application which will allow user-friendly presentation of the CDR records and to be saved historically. I see there are a good number out there but not having used any I am hoping someone has some first hand experience with them. I'm going to see about giving this a go url... for my CUCME system to see how it is. Basic call tracking is all that is really needed. Email reports and costing is an added bonus.
View 1 Replies
View Related
Jul 31, 2012
LMS 4.2.1 W2K8 R2
I seem to be unable to generate a syslog report that contains > 10,000 records. And I don't mean with run type immediate either. I am scheduling them to run at the next 5 minute interval (incidentally, why not have an option that just says "run in background now"?)
I am facing an issue where a bunch of errors are being generated by a voice gateway and I want to determine when the problem started. My syslog contains 7 days of records. If I schedule a report to give me all syslog records for the last 1 week (or 7 days I have tried it both ways) for all devices at that location I get 10,000 records, and they are all for the current date. If I schedule a report and select a date range in the past, I get records within that date range, but only 10,000.
View 2 Replies
View Related
Jun 19, 2011
I have a VPN connection to my office network. The VPN connection appears to work fine as it connects and logs me in successfully. In the connection box I have to provide a domain and my username to log in. Once the VPN is connected I am then able to ping my office computer as if I was on the same network. That is great. The problem is that there is a server on that network that defines a bunch of A records for web applications we are working on and I can't seem to hit any of those from my home computer, even though I can at work. If I remote into the office PC and navigate to these addresses they work fine. I also know that my co-worker can hit these a records from home so it has to be something I'm doing wrong.
[Code]....
View 2 Replies
View Related
Mar 4, 2013
If I choose to authenticate NCS users through Cisco ACS (5.4 in this instance) via TACACS, do I still have the ability to do accounting to track what changes they have made? I'm not getting anything in the TACACS accounting reports and I don't see anywhere to configure TACACS for accounting within NCS gui like I can on a WLC. I know that NCS has an internal audit trail but if a users account is both a local account on NCS as well as an account being authenticated through ACS does the Audit trail on NCS for that local user still contain the information about changes the user made? I ask because it looks like it does but I want to make sure I'm not going mad. Here is my example:
Local account username: NCS_Admin2AD account via TACACS username: NCS_Admin2
Audit trail for the NCS_Admin2 account on NCS looks like changes are being logged to NCS even though the user is logging in with their AD credentials via TACACS.
View 4 Replies
View Related
Oct 23, 2011
what command is required to configure ip accounting on an interface?
I would have thought to what is required is on the interface, turn on Ip accounting i.e.
int gi0/0/0
ip accounting
However, there is no ip accounting command within the interface. We are running version Version 15.1(1)S2.
View 6 Replies
View Related
Mar 19, 2013
it seems there is no option for flexconnect registered AP's to work with external accounting server.I am using zeroshell server to authenticate with the radius server,which works perfectly!but there is no option under flexconnect security group to specify accounting server.is there a way to redierct AP to a local acoouting+authentication radius ?
View 5 Replies
View Related
Jan 1, 2012
I am working on cisco ACS 5.0, authentication is working fine on netscreen. Can acs be used for authorization and accounting of netscreen devices. if yes, what will be the configurations.
View 1 Replies
View Related
Nov 8, 2012
How does one find the top user or IP accounting with this ASA5505 v7.22 device?
-With 1841 ISR:
-sh ip accounting
-sh ip flow top
Very lame if they don't have similar commands or capabilities on the ASA series.
View 1 Replies
View Related
Apr 18, 2012
I have installed DCNM 5.2(2c) on windows box to manage Nexus 7K devices.\ have for the time being one device that i have manage and i see often the following text:Discrepancy in device accounting log,Recommended action: clear the accounting log and discover the device. Device details are not available.How can i delete the accounting log and why do i have this message ?
View 4 Replies
View Related
Jun 5, 2013
I have a WLAN configured with 802.1x PEAP pointing to an external RADIUS server. It works fine for the most part, but I'm having problem closing accounting sessions in RADIUS. I've found this is related to the client table in the WLC. The user session does not end in RADIUS unless the WLC officially removes the client from the db, which takes 5-6 minutes from what I can see (probably due to the default idle timeout of 300 seconds).
For example:
1. I connect my tablet to the test WLAN. It associates and authenticates successfully and the WLC sends the accounting info to my RADIUS server, opening up a user session. If I turn off the wifi in the tablet, the client entry stays in the WLC client table until it times out. The WLC removes my tablet from the client table after 5-6 minutes, and then the session closes in the accounting table. I can force the session to close much earlier by manually removing the client from the WLC.
2. Same as #1, but this time instead of turning of the wifi in the tablet, I choose to connect to a different WLAN in the WLC. The user session in the accounting DB never closes. If I reconnect back to the original test WLAN with 802.1x, it opens up yet another user session in RADIUS accounting. Now I have a "dead" user session in accounting that is going to be open forever unless I delete it from SQL.
Is this an issue with the end user client not sending the disassociation frame properly, or a config problem with the WLC? How can I make it so that every time a client drops from an AP or moves to a different WLAN, the WLC would immediately send accounting updates to my RADIUS server and close the user session properly?
View 1 Replies
View Related
Sep 3, 2012
Enabling IP Accounting or capture packets in Cisco ASA 5510 ( 8.2 ).
View 2 Replies
View Related
Jul 26, 2012
Struggling to find any documentation that states both "ip accounting & netflow" are supported on the new ME3600 switches. I have tried both a 12 and 15 release of software. Netflow produces no data what so ever, ip accounting only produces data (of the global network) when configured on my uplink (running MP-BGP network) unable to get specific data for user networks in seperate VRFs. Is this a case of the commands being there but not being supported?
View 0 Replies
View Related
Dec 15, 2010
I have a Cisco 2621XM router with two ethernet interfaces that sits before a vendor supplied VPN router. I need to see the IP traffic incoming to my router from the WAN side (fasteth0/1 below). I setup ip cef, and ip flow ingress on the interface. However -- it seems that what I see when I use "ip cache flow" command doesn't have a very long history or life. What commands am I missing so that I can see a summary of the stats over say the last 5, 10 or 15 minutes? Is this the best config that can be used for this, or can I create a more summarized report just using the router HW and IOS? Basic current configuration:version 12.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname Littleboy!ip subnet-zeroip cef table event-log size 1024ip cefip cef accounting per-prefix non-recursive prefix-lengthip cef traffic-statistics load-interval 180!ip flow-cache entries 2048ip flow-cache timeout inactive 60!interface FastEthernet0/1 description Littleboy to vpn-wan ip address 10.1.0.1 255.255.255.252 ip flow ingress?
View 5 Replies
View Related
Jun 26, 2012
The "Cisco Small Business 300 Series Managed Switches Administration Guide" and the data sheet indicate that this switch can do accounting requests with a Radius server. On the SF300 switch interface/CLI, there is only the authentication port, the accounting port can not be set (and nothing is sent by the switch to the default port). I suppose that the SF300-08 does not handle accounting. Maybe I have to change for another model.
View 4 Replies
View Related
Jan 27, 2012
I am using the CISCO SG300-28 with firmware version 1.0.0.27. I enabled RADIUS authentication and accounting. Authentication is working but there are no accounting requests/replys (Accounting on, accounting off, accoun ting start, accounting stop) when running RADIUS in debug mode. I also did a packetcapture and there are no accounting packets.
So i updated the firmware image up to version 1.1.2.0. When I now want to configure accounting in RADIUS settings then there isn't any option to set an accounting port.
Ich checked the data sheet of the switch and it says that accounting is supported:
===============================================
802.1X: RADIUS authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions [URL]
===============================================
I did a second packet capture with the new firmware image and there are still no accounting packets.
The RADIUS server is configured correct for accounting because when using another NAS like a WLAN-AP with DD-WRT accounting is workings. It is working with pfsense Captive Portal (an open source firewall and routing solution with a hotspot portal).
View 4 Replies
View Related
