Product and Software: This article applies to ArubaOS 3.1 and later.
TACACS+ accounting allows network managers to log all the activity (commands) executed on the switch.
To configure TACACS+ accounting, follow these steps:
1) Configure the TACACS server.
- aaa authentication-server tacacs <name_of_server>
- host <ip_address>
- key <shared_secret>
Other parameters are optional. By default, the mode is enabled and the server is configured to use TCP port 49.
2) Configure the server group for TACACS servers.
- aaa server-group <name_of_server_group>
- auth-server <name_of_tacacs_server>
Other parameters, such as fail-through (disabled by default) and server derivation rules, are optional.
3) Enable TACACS accounting.
- aaa tacacs-accounting server-group tacacs command <command_subset_for_accounting> mode enable
Command subset options are: all, action, configuration, and show.
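Accounting only produces a trail when the three steps reference each other: the accounting line must name a server group that exists, and that group must contain a TACACS server with a host and key. The following Python check is an added example, not Aruba's code; it reads configuration text in the command forms shown above and lists any broken link. The names `tac1` and `mgmt-tacacs`, the address and the secret are constructed, and it assumes the accounting line is written out in full as in step 3.

```python
VALID_SUBSETS = {"all", "action", "configuration", "show"}

# Constructed sample: steps 1-3 with made-up names, address and secret.
SAMPLE_CONFIG = """\
aaa authentication-server tacacs tac1
  host 192.0.2.10
  key EXAMPLE-SECRET
aaa server-group mgmt-tacacs
  auth-server tac1
aaa tacacs-accounting server-group mgmt-tacacs command all mode enable
"""

def check_tacacs_accounting(config):
    """Return a list of problems; an empty list means steps 1-3 line up."""
    servers, groups, acct = {}, {}, None
    current = None  # sub-command list of the server or group being defined
    for raw in config.splitlines():
        words = raw.replace('"', "").split()
        if words[:3] == ["aaa", "authentication-server", "tacacs"] and len(words) == 4:
            current = servers.setdefault(words[3], [])
        elif words[:2] == ["aaa", "server-group"] and len(words) == 3:
            current = groups.setdefault(words[2], [])
        elif words[:3] == ["aaa", "tacacs-accounting", "server-group"] and len(words) > 3:
            acct, current = words[3:], None
        elif current is not None and len(words) >= 2 and words[0] != "aaa":
            current.append((words[0], words[1]))  # e.g. ("host", "192.0.2.10")
        else:
            current = None  # any other line ends the current block
    if acct is None:
        return ["no 'aaa tacacs-accounting server-group' line (step 3)"]
    group, opts = acct[0], dict(zip(acct[1::2], acct[2::2]))
    problems = []
    if opts.get("mode") != "enable":
        problems.append("accounting mode is not 'enable'")
    if opts.get("command") not in VALID_SUBSETS:
        problems.append("command subset is not all/action/configuration/show")
    if group not in groups:
        problems.append(f"server group '{group}' is not defined (step 2)")
    members = [v for k, v in groups.get(group, []) if k == "auth-server"]
    if group in groups and not any(m in servers for m in members):
        problems.append(f"server group '{group}' has no TACACS server (step 1)")
    for name in (m for m in members if m in servers):
        missing = {"host", "key"} - {k for k, _ in servers[name]}
        if missing:
            problems.append(f"TACACS server '{name}' lacks {', '.join(sorted(missing))}")
    return problems

if __name__ == "__main__":
    print(check_tacacs_accounting(SAMPLE_CONFIG) or "ok")
```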
You must also add the switch as a client on the TACACS+ server. A sample accounting log file is shown here: