tacacs+ snmp accouning

Hello all,

i have installed a tacacs server to do all console and tty accounting and
authorization.

Does anybody know how to configure tacacs authorization for snmp. I need
this to monitor the changes witch are done by
snmp for example from cisco view !.

I need that for IOS and Catos.

thanks

oliver

 

I don't think you can get tacacs Auth for snmp writes. I did a quick
search of the docs and nothing jumped out.

I would suggest setting up a syslog server and have your
routers/switches write back to it.

For windows www.kiwisyslog.com has a great syslog server, linux has a
syslog server built-in.


gets via the RW snmp server community statment are recoreded in the
logging buffer in IOS as shown below:

"%SYS-4-SNMP_WRITENET: SNMP WriteNet request. Writing current
configuration"

CatIos gives something like:
"SYS-6:Global block changed by SNMP/"

You might need to make some changes in both the IOS and CatIOS to make
sure certain "logging" and "facility" levels are adjusted to log the
changes. The CatIos is a little more tricky.

Another safe guard would be to limit snmp access to the device via an
access list. This way only a specific ip address can access via snmp.