03-12-2007 05:15 AM
aaa authentication login userauthen group tacacs+
aaa authorization network NETWORK local
crypto map dynmap client authentication list userauthen
crypto map dynmap isakmp authorization list NETWORK
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
with this commands my vpn client is able to login with the user created locally on the router & looks for TACACS server user account & agains prompts for user name & password, so i enter the TACACS user name & password & i could able to know which users has logged in from which public IP address, but this is getting listed only in PASSED AUTHENTICATION on my Cisco ACS Server, but i wanted them to list in in TACACS ACCOUTING & TACACS ADMINSTRATION, so that i can know which users has logged in & logged out on what time. any help?
03-12-2007 09:19 AM
You need the following vommand as well :
aaa accounting login default start-stop group tacacs+
*Please rate if helped.
-Kanishka
03-12-2007 10:46 PM
Hi Kanishka,
Thanks for your reply, the command which you have mentioned should be "aaa accounting exec default start-stop group tacacs+" but this command will just show you the authentication login & logout time of a user who has logged in the Router, but my requirement, a VPN user who ever logs in i wanted that information in the TACACS ACCOUNTING
03-13-2007 02:39 AM
Hi Ananda,
This should solve your purpose.
http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455af8.html
*Please rate if helped.
-Kanishka
03-13-2007 02:43 AM
The doc however is for Radius Accounting.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide