Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 37 Configuring Management Access
Configuring AAA for System Administrators
Configuring Management Access Accounting
You can send accounting messages to the TACACS+ accounting server when you enter any command
other than show commands at the CLI. You can configure accounting when users log in, when they enter
the enable command, or when they issue commands.
For command accounting, you can only use TACACS+ servers.
To configure management access and enable command accounting, perform the following steps:
Detailed Steps
Step 1
Command: aaa accounting {serial | telnet | ssh | enable} console server-tag
Example:
hostname(config)# aaa accounting telnet console group_1
Purpose: Enables support for AAA accounting for administrative access. Valid server group protocols are RADIUS and TACACS+.

Step 2
Command: aaa accounting command [privilege level] server-tag
Example:
hostname(config)# aaa accounting command privilege 15 group_1
Purpose: Enables command accounting. Only TACACS+ servers support command accounting. Where privilege level is the minimum privilege level and server-tag is the name of the TACACS+ server group to which the ASA should send command accounting messages.

Viewing the Currently Logged-In User
To view the current logged-in user, enter the following command:
hostname# show curpriv
The following is sample output from the show curpriv command:
hostname# show curpriv
Username: admin
Current privilege level: 15
Current Mode/s: P_PRIV
Table 37-1 describes the show curpriv command output.
Table 37-1 show curpriv Command Output Description
Field       Description
Username    Username. If you are logged in as the default user, the name is enable_1 (user EXEC) or enable_15 (privileged EXEC).
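
The following is an added example, not part of the Cisco guide: a Python check that reads a saved configuration and reports where the accounting lines from Step 1 and Step 2 under Configuring Management Access Accounting are missing or point at a server group of the wrong protocol. It assumes server groups appear as aaa-server <tag> protocol <proto> lines; the sample configuration, the group_2 and group_3 names, and the function name audit_accounting are constructed for illustration.

```python
import re

# Constructed sample configuration fragment (not taken from the guide).
SAMPLE_CONFIG = """\
aaa-server group_1 protocol tacacs+
aaa-server group_2 protocol radius
aaa accounting telnet console group_1
aaa accounting ssh console group_2
aaa accounting enable console group_3
aaa accounting command privilege 15 group_2
"""

METHODS = ("serial", "telnet", "ssh", "enable")  # access types listed in Step 1


def audit_accounting(config):
    """Return a list of findings about the Step 1 / Step 2 accounting lines."""
    # Assumption: server groups are declared as 'aaa-server <tag> protocol <proto>'.
    protocols = dict(re.findall(r"^aaa-server (\S+) protocol (\S+)", config, re.M))
    console = dict(re.findall(
        r"^aaa accounting (serial|telnet|ssh|enable) console (\S+)", config, re.M))
    command = re.findall(
        r"^aaa accounting command(?: privilege (\d+))? (\S+)", config, re.M)

    findings = []
    for method in METHODS:
        group = console.get(method)
        if group is None:
            findings.append(f"{method}: accounting not enabled")
        elif protocols.get(group) not in ("radius", "tacacs+"):
            # Step 1: valid server group protocols are RADIUS and TACACS+.
            findings.append(f"{method}: group {group} is not a RADIUS/TACACS+ group")
    if not command:
        findings.append("command: command accounting not enabled")
    for level, group in command:
        # Step 2: only TACACS+ server groups support command accounting.
        if protocols.get(group) != "tacacs+":
            findings.append(f"command: group {group} is not a TACACS+ group")
        elif level:
            # The configured level is the minimum privilege level that is accounted.
            findings.append(f"command: commands below privilege {level} are not accounted")
    return findings


if __name__ == "__main__":
    for finding in audit_accounting(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample, the check reports the missing serial accounting line, the undefined group_3 used for enable accounting, and the RADIUS group used for command accounting.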