Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

231

232

233

234

235

236

237

238

239

240

1-32

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting

Configuring AAA Accounting for WAAS Devices

Note If you enable AAA accounting for a device, we strongly recommended that you create an IP ACL

condition in the first entry position permitting access to the TACACS+ servers to avoid delay while

processing the commands. For information on IP ACLs, see Chapter 1, “Creating and Managing IP

Access Control Lists for WAAS Devices.”

To centrally configure AAA accounting settings for a WAAS device or device group, follow these steps:

Step 1 From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups >

device-group-name).

Step 2 Choose Configure > Security > AAA > AAA Accounting. The AAA Accounting Settings window

appears.

Step 3 From the System Events drop-down list, choose a keyword to specify when the chosen device (or the

device group) should track system-level events that are not associated with users, such as reloads, and

to activate accounting for system events.

Step 4 From the Exec Shell and Login/Logout Events drop-down list, choose a keyword to specify when the

chosen device (or the device group) should track EXEC shell and user login and logout events and to

activate accounting for EXEC mode processes. Reports include username, date, start and stop times, and

the WAAS device IP address.

Step 5 From the Normal User Commands drop-down list, choose a keyword to specify when the chosen device

(or the device group) should track all the commands at the normal user privilege level (privilege level 0)

and to activate accounting for all commands at the non-superuser administrative (normal user) level.

Step 6 From the Administrative User Commands drop-down list, choose a keyword to specify when the

chosen device (or the device group) should track all commands at the superuser privilege level (privilege

level 15) and to activate accounting for all commands at the superuser administrative user level.

Caution Before using the wait-start option, ensure that the WAAS device is configured with the TACACS+

server and is able to successfully contact the server. If the WAAS device cannot contact a configured

TACACS+ server, it might become unresponsive.

Table 1-2 describes the event type options.

Table 1-2 Event Types for AAA Accounting

GUI Parameter Function

Event Type Options

stop-only The WAAS device sends a stop record accounting notice at the end of

the specified activity or event to the TACACS+ accounting server.

start-stop The WAAS device sends a start record accounting notice at the

beginning of an event and a stop record at the end of the event to the

TACACS+ accounting server.

The start accounting record is sent in the background. The requested

user service begins regardless of whether or not the start accounting

record was acknowledged by the TACACS+ accounting server.