[unclas] freeradius cisco command accounting [resend]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Fri Mar 23 02:19:26 CET 2007
______________________________
> From:
freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freer
adius.org] On Behalf Of satish patel
> Sent: Thursday, 22 March 2007 17:33
> To: freeradius-users
> Subject: freeradius cisco command accounting
>
>
> Dear's
>
> is there any feature in freeradius provide cisco
command accouning means users run command on cisco router and radius
provide me command log ?? per users i want to replace my tacace with
freeradius
>
>
Sorry about previous top posted html junk (thank you outlook)
No, the cisco devices do not send command logs via radius. I compiled a
tacacs server and configured it to handle accounting records. I then
used the following to set up aaa on the router:
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting send stop-record authentication failure
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default wait-start group radius
aaa accounting system default start-stop group radius
tacacs-server host 192.168.0.15
tacacs-server key XXXXXXXX
radius-server host 192.168.0.15 auth-port 1812 acct-port 1813 key
XXXXXXXX
radius-server retransmit 3
radius-server vsa send accounting
The tacacs server is avaliable here:
http://www.pro-bono-publico.de/projects/
regards,
Frank Ranner
More information about the Freeradius-Users
mailing list