Unanswered Question
Mar 12th, 2007

aaa authentication login userauthen group tacacs+

aaa authorization network NETWORK local

crypto map dynmap client authentication list userauthen

crypto map dynmap isakmp authorization list NETWORK

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

with this commands my vpn client is able to login with the user created locally on the router & looks for TACACS server user account & agains prompts for user name & password, so i enter the TACACS user name & password & i could able to know which users has logged in from which public IP address, but this is getting listed only in PASSED AUTHENTICATION on my Cisco ACS Server, but i wanted them to list in in TACACS ACCOUTING & TACACS ADMINSTRATION, so that i can know which users has logged in & logged out on what time. any help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kaachary Mon, 03/12/2007 - 09:19

You need the following vommand as well :

aaa accounting login default start-stop group tacacs+

*Please rate if helped.


Anand Narayana Mon, 03/12/2007 - 22:46

Hi Kanishka,

Thanks for your reply, the command which you have mentioned should be "aaa accounting exec default start-stop group tacacs+" but this command will just show you the authentication login & logout time of a user who has logged in the Router, but my requirement, a VPN user who ever logs in i wanted that information in the TACACS ACCOUNTING


This Discussion