[unclas] freeradius cisco command accounting [resend]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Fri Mar 23 02:19:26 CET 2007


______________________________

>	From:
freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freer
adius.org] On Behalf Of satish patel
>	Sent: Thursday, 22 March 2007 17:33
>	To: freeradius-users
>	Subject: freeradius cisco command accounting
>	
>	
>	Dear's
>	
>	            is there any feature in freeradius provide cisco
command accouning means users run command on cisco router and radius
provide me command log ?? per users i want to replace my tacace with
freeradius
>	
>	  

Sorry about previous top posted html junk (thank you outlook)


No, the cisco devices do not send command logs via radius. I compiled a
tacacs server and configured it to handle accounting records. I then
used the following to set up aaa on the router:
 


aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting send stop-record authentication failure
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default wait-start group radius
aaa accounting system default start-stop group radius
 
tacacs-server host 192.168.0.15
tacacs-server key XXXXXXXX
radius-server host 192.168.0.15 auth-port 1812 acct-port 1813 key
XXXXXXXX
radius-server retransmit 3
radius-server vsa send accounting
 
The tacacs server is avaliable here:
http://www.pro-bono-publico.de/projects/
 
regards,
Frank Ranner




More information about the Freeradius-Users mailing list