满意答案
cisco 日志,只记录事件。至于操作和登录,你需要配置起tacacs服务器(或acs服务器),然后在交换机配置AAA,给个7609的配置例子:
tacacs-server host 111.22.22.111
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no-tacacs local
aaa authentication login no-password none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
其中留意上面的command,cisco是通过tacacs对命令鉴权,才可以记录命令,还有,aaa只能起tacacs,radius是不支持命令鉴权的。
00分享举报