Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
Expand all | Collapse all

Command accounting is not being sent to cisco ISE from Juniper QFX10000 series switches

  • 1.  Command accounting is not being sent to cisco ISE from Juniper QFX10000 series switches

    Posted 10-13-2022 06:07
    We have Cisco ISE in our environment for AAA purpose. We have also configured TACACS related configuration in Juniper QFX switches for authentication and accounting. But only authentication logs are showing in ISE. Accounting logs are not being sent to ISE by the switches.

    What to do to enable accounting?

    ------------------------------
    KESHAV JANGID
    ------------------------------


  • 2.  RE: Command accounting is not being sent to cisco ISE from Juniper QFX10000 series switches

    Posted 10-14-2022 09:51
    Maybe the issue is that in Junos you have to tell it both tac auth and tac accounting

    set system tacplus-options enhanced-accounting
    set system accounting events login
    set system accounting events change-log
    set system accounting events interactive-commands
    set system accounting destination tacplus server 1.1.1.1 secret
    set system accounting destination tacplus server 1.1.1.1 source-address 10.10.10.10
    set system accounting destination tacplus server 2.2.2.2 secret
    set system accounting destination tacplus server 2.2.2.2 source-address 10.10.10.10