<div dir="ltr">A second scenario arises, this time related to accounting of commands executed on devices.<div><br></div><div>Using this config:</div><div><br></div><div><div style="font-size:12.8px">aaa authentication enable default enable</div><div style="font-size:12.8px">aaa authentication login default tacacs+ local</div><div style="font-size:12.8px">aaa authorization commands 0 default tacacs+</div><div style="font-size:12.8px">aaa authorization exec default tacacs+</div><div style="font-size:12.8px">aaa accounting commands 0 default start-stop tacacs+</div><div style="font-size:12.8px">aaa accounting exec default start-stop tacacs+</div><div style="font-size:12.8px">aaa accounting system default start-stop tacacs+</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">and according to this web page (for example):</div><div style="font-size:12.8px"><br></div><div><span style="font-size:12.8px"><a href="http://www.brocade.com/content/html/en/configuration-guide/fastiron-08040-securityguide/GUID-C9E9CEB6-582C-44BF-8047-3CD14483CF5C.html">http://www.brocade.com/content/html/en/configuration-guide/fastiron-08040-securityguide/GUID-C9E9CEB6-582C-44BF-8047-3CD14483CF5C.html</a></span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">then my config should be authorising and accounting all commands entered on the device. But what I am seeing is that after enabling, nothing else happens between the device and the TACACS server, e.g. heres what I did:</span></div><div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">$ ssh 192.168.100.180</span></div><div><span style="font-size:12.8px">Password:</span></div><div><span style="font-size:12.8px">SSH@ICX6450-48 Router>en</span></div><div><span style="font-size:12.8px">Enable Password:</span></div><div><span style="font-size:12.8px">SSH@ICX6450-48 Router#config t</span></div><div><span style="font-size:12.8px">SSH@ICX6450-48 Router(config)#int ethe 1/1/4</span></div><div><span style="font-size:12.8px">SSH@ICX6450-48 Router(config-if-e1000-1/1/4)#disable</span></div></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">but this is all that was accounted for:</span></div><div><span style="font-size:12.8px"><br></span></div><div><div><span style="font-size:12.8px">Nov  4 12:11:45<span class="gmail-Apple-tab-span" style="white-space:pre">        </span>192.168.100.180<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>tomstorey<span class="gmail-Apple-tab-span" style="white-space:pre">     </span>tty11<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>192.168.100.178<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>start<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>task_id=12<span class="gmail-Apple-tab-span" style="white-space:pre">    </span>timezone=Alaska<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>service=shell</span></div><div><span style="font-size:12.8px">Nov  4 12:11:53<span class="gmail-Apple-tab-span" style="white-space:pre">      </span>192.168.100.180<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>tomstorey<span class="gmail-Apple-tab-span" style="white-space:pre">     </span>tty11<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>192.168.100.178<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>stop<span class="gmail-Apple-tab-span" style="white-space:pre">  </span>task_id=1<span class="gmail-Apple-tab-span" style="white-space:pre">     </span>timezone=Alaska<span class="gmail-Apple-tab-span" style="white-space:pre">       </span>service=shell<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>priv-lvl=0<span class="gmail-Apple-tab-span" style="white-space:pre">    </span>cmd=enable <cr></span></div><div><br></div><div>Any pointers?</div></div><div><br></div><div>Thanks again!</div><div>Tom</div></div>