RE: [unclas] freeradius cisco command accounting

["Ranner, Frank MR" <Frank.Ranner@defence.gov.au>]

No, the cisco devices do not send command logs via radius. I compiled a tacacs server and configured it to handle accounting records. I then used the following to set up aaa on the router:

 

aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting send stop-record authentication failure
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default wait-start group radius
aaa accounting system default start-stop group radius

 

tacacs-server host 192.168.0.15
tacacs-server key XXXXXXXX
radius-server host 192.168.0.15 auth-port 1812 acct-port 1813 key XXXXXXXX
radius-server retransmit 3
radius-server vsa send accounting

 

The tacacs server is avaliable here:   http://www.pro-bono-publico.de/projects/

 

regards,

Frank Ranner

---

From: freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On Behalf Of satish patel
Sent: Thursday, 22 March 2007 17:33
To: freeradius-users
Subject: freeradius cisco command accounting

Dear's

            is there any feature in freeradius provide cisco command accouning means users run command on cisco router and radius provide me command log ?? per users i want to replace my tacace with freeradius