have you setup aaa and tacacs

niki1365 · ‎02-05-2017

I have some cisco nexus switches and i want to send any configuration changes to my syslog server (cisco acs) after any user login. When i search in google i undersatnd that i must enable AAA accounting on nexus switches. Please guide me about nexus switches configuration commands to configure AAA accountiing and configurations that needed in besides of cisco ACS.

Thanks guys

Mark Malone · ‎02-06-2017

Hi

heres a working aaa/tacacs off my 7k you can use , you need to add your key and server ip , I use the mgmt. port on my nexus to source mgmt. traffic from

aaa authentication login default group xtacacs
aaa authentication login console group xtacacs
aaa authorization commands default group xtacacs local
aaa accounting default group xtacacs
tacacs-server directed-request

tacacs-server host x.x.x.x key 7 xxxxxxxxxxxxxxxxxxxxxxxx
aaa group server tacacs+ xtacacs
    server x.x.x.x
    use-vrf management
    source-interface mgmt0

logging server x.x.x.x 5 use-vrf management
logging source-interface loopback 3
logging monitor 6

**please rate useful posts**

niki1365 · ‎02-08-2017

Hi Mark.

Thank you from your guidance. I have a Cisco ACS and i want to send accounting log to ACS. I create a user in ACS and i want to login to nexus switches with this user. How i can connect to switch with this user?

Thanks a lot

Mark Malone · ‎02-08-2017

have you setup aaa and tacacs on the nexus you should be able to ssh to the nexus then once the ACS authenticates it correctly but you need to have the aaa setup with the server on the switch side with the acs set as the server in aaa as above post for it to work

Nexus change configuration and logging