Controller Based WLANs

What is TACACS+ accounting and how do I configure it?

Product and Software: This article applies to ArubaOS 3.1 and later.


TACACS+ accounting allows network managers to log all the activity (commands) executed on the switch.


To configure TACACS+ accounting, follow these steps:


1) Configure the TACACS server.

  •       aaa authentication-server tacacs <name_of_server>
  •       host <ip_address>
  •       key <shared_secret>


Other parameters are optional, but by default mode are enabled, and the server is configured to use TCP Port 49.


2) Configure the server group for TACACS servers.

  •       aaa server-group <name_of_server_group>
  •       auth-server <name_of_tacacs_server>


Other parameters are optional, like fail through (disabled by default) and server derivation rules.


3) Enable TACACS accounting.

  •       aaa tacacs-accounting server-group tacacs command <command_subset_for_accounting> mode enable


Command subset options are: all, action, configuration, and show.


You will have to add the switch as a client on the TACACS+ server. Sample accounting log file is shown here:



Version History
Revision #:
1 of 1
Last update:
‎07-01-2014 01:51 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.