Unanswered Question
Mar 12th, 2007
User Badges:
  • Silver, 250 points or more

aaa authentication login userauthen group tacacs+

aaa authorization network NETWORK local

crypto map dynmap client authentication list userauthen

crypto map dynmap isakmp authorization list NETWORK

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

with this commands my vpn client is able to login with the user created locally on the router & looks for TACACS server user account & agains prompts for user name & password, so i enter the TACACS user name & password & i could able to know which users has logged in from which public IP address, but this is getting listed only in PASSED AUTHENTICATION on my Cisco ACS Server, but i wanted them to list in in TACACS ACCOUTING & TACACS ADMINSTRATION, so that i can know which users has logged in & logged out on what time. any help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kaachary Mon, 03/12/2007 - 09:19
User Badges:
  • Cisco Employee,

You need the following vommand as well :

aaa accounting login default start-stop group tacacs+

*Please rate if helped.


Anand Narayana Mon, 03/12/2007 - 22:46
User Badges:
  • Silver, 250 points or more

Hi Kanishka,

Thanks for your reply, the command which you have mentioned should be "aaa accounting exec default start-stop group tacacs+" but this command will just show you the authentication login & logout time of a user who has logged in the Router, but my requirement, a VPN user who ever logs in i wanted that information in the TACACS ACCOUNTING

kaachary Tue, 03/13/2007 - 02:43
User Badges:
  • Cisco Employee,

The doc however is for Radius Accounting.


This Discussion