Web UI Configuration Command Accounting in TACACS Server

Feature History for Web UI Configuration Command Accounting in TACACS+ Server

This table provides release and related information for the feature explained in this module.

This feature is also available in all the releases subsequent to the one in which they are introduced in, unless noted otherwise.

Table 1. Feature History for Web UI Configuration Command Accounting in TACACS+ Server

Release

Feature

Feature Information

Cisco IOS XE Cupertino 17.9.1

Logging Web UI-Based Configuration Changes in TACACS+ Server

This feature logs all configuration changes made in controller web UI.

Support for logging configurations done in IOS console in TACACS+ server is already available.

Information About Web UI Configuration Command Accounting in TACACS+ Server

The Cisco Catalyst 9800 Series Wireless Controller configuration is stored in databases. Prior to Cisco IOS XE Cupertino 17.9.1 release, audit log or traceability were not available for the configuration changes stored in databases that were made from the controller GUI. With the Cisco IOS XE Cupertino 17.9.1 release, along with the existing configuration logging of commands executed from Cisco IOS console to TACACS+ server, support is also added to log the configuration changes done from the controller GUI to TACACS+ server. The logging information includes the command, user, and other session related parameters.

Guidelines for Web UI Configuration Command Accounting in TACACS+ Server

  • By default, the configuration commands are not logged to TACACS+ server without configuring command accounting.

  • All commands are accounted when AAA default command accounting is configured only for privilege 15.

  • When AAA default command accounting is not configured and commands need to be logged in the TACACS+ server, do the following:

    1. The HTTP named method list command accounting.

    2. The AAA named method list (same as the one configured in Step 1) command accounting.

Configure AAA accounting using default method list (CLI)

Set up command accounting on controller using the default AAA method list.

Use this task to monitor and record user command activity on devices through AAA accounting features

Before you begin

  • Confirm that AAA is enabled on the device.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Create an accounting method list and enables accounting.

Example:

Device(config)# aaa accounting commands 15 default start-stop group group-name

  • privilege_level : AAA accounting level. The valid range is from zero to 15.

  • group-name: AAA accounting group that supports only TACACS+ group.

Step 3

Return to privileged EXEC mode.

Example:

Device(config)# end

The controller records user command activities according to the configured accounting method

Configure HTTP command accounting using named method list (CLI)

Set up command accounting on your device using the default AAA method list.

Use this task to monitor and record user command activity on devices through AAA accounting features.

Before you begin

  • Use this task to monitor and record user command activity on devices through AAA accounting features.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure HTTP command accounting using the named method list.

Example:

Device(config)# ip http accounting commands 1 oneacct

  • level: Privilege value from 0 to 15. By default, the command privilege levels available on the controller are:

    • 0 : Includes the disable, enable, exit, help, and logout commands.

    • 1 : Includes all the user-level commands at the controller prompt (>).

    • 15 : Includes all the enable-level commands at the controller prompt (>).

  • named-accounting-method-list : Name of the predefined command accounting method list.

Step 3

Return to privileged EXEC mode.

Example:

Device(config)# end

The device records user command activities in accordance with the configured accounting method.