No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

No Accounting Information in AR1220 when HWTACACS Service was deployment

Publication Date:  2019-07-16  |   Views:  247  |   Downloads:  0  |   Author:  SU1000965120  |   Document ID:  EKB1000036613

Contents

Issue Description

The AR1220 is running V200R003C01SPC600, is connected directly to a Linux TACACS+ server this server requires to get all the commands run in the AR1220 when a user is connected either by console.
The costumer server can authorize and authenticate the user, but the accounting log was always empty in the server record.

Alarm Information

No relevant information was shown in the AR, but the costumer accounting information was empty all the time.

Handling Process

To correctly send information from the AR1220 to the TACACS server is important to run the following commands (which are not shown in any example) enabling CMD accounting:

authentication-scheme default
authentication-scheme huawei
  authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme huawei
  authorization-mode hwtacacs local
authorization-scheme hwtacacs
  authorization-mode hwtacacs local
  authorization-cmd 7 hwtacacs local
  authorization-cmd 15 hwtacacs local
accounting-scheme default
accounting-scheme huawei
  accounting-mode hwtacacs
  accounting realtime 3
  accounting start-fail online 

Root Cause

The sniffing tool connected to the AR router shows that actually the AR is no sending any accounting information even when the right configuration was in the AR equipment, the accounting information was only shown in the console. 
Some modification needed to be done in the AR router so it actually send some kind of accounting information.

Suggestions

Command accounting should be enable manually if  it's needed.