One of the most significant advantages of TACACS over RADIUS
is the ability to do accounting, hence logging every activity and configuration
change on the device.
For those who doesn’t have TACACS server (such Cisco ACS or
ISE) you can use the following archive command, on Cisco devices, and even send
it to syslog server for long term archive:
|
archive
log config
logging enable
logging size 500
notify syslog
contenttype plaintext
hidekeys
|
This will allow you to track, who and what, changes your Cisco
configurations J
No comments:
Post a Comment