What is TACACS+ accounting and how do I configure it?

Aruba Employee
Aruba Employee

Product and Software: This article applies to ArubaOS 3.1 and later.


TACACS+ accounting allows network managers to log all the activity (commands) executed on the switch.


To configure TACACS+ accounting, follow these steps:


1) Configure the TACACS server.

  •       aaa authentication-server tacacs <name_of_server>
  •       host <ip_address>
  •       key <shared_secret>


Other parameters are optional, but by default mode are enabled, and the server is configured to use TCP Port 49.


2) Configure the server group for TACACS servers.

  •       aaa server-group <name_of_server_group>
  •       auth-server <name_of_tacacs_server>


Other parameters are optional, like fail through (disabled by default) and server derivation rules.


3) Enable TACACS accounting.

  •       aaa tacacs-accounting server-group tacacs command <command_subset_for_accounting> mode enable


Command subset options are: all, action, configuration, and show.


You will have to add the switch as a client on the TACACS+ server. Sample accounting log file is shown here:



Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 01:51 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: