TACACS ACCONTING & ADMINSTRATION for VPN user login

Anand Narayana · ‎03-12-2007

aaa authentication login userauthen group tacacs+

aaa authorization network NETWORK local

crypto map dynmap client authentication list userauthen

crypto map dynmap isakmp authorization list NETWORK

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

with this commands my vpn client is able to login with the user created locally on the router & looks for TACACS server user account & agains prompts for user name & password, so i enter the TACACS user name & password & i could able to know which users has logged in from which public IP address, but this is getting listed only in PASSED AUTHENTICATION on my Cisco ACS Server, but i wanted them to list in in TACACS ACCOUTING & TACACS ADMINSTRATION, so that i can know which users has logged in & logged out on what time. any help?

kaachary · ‎03-12-2007

You need the following vommand as well :

aaa accounting login default start-stop group tacacs+

*Please rate if helped.

-Kanishka

Anand Narayana · ‎03-12-2007

Hi Kanishka,

Thanks for your reply, the command which you have mentioned should be "aaa accounting exec default start-stop group tacacs+" but this command will just show you the authentication login & logout time of a user who has logged in the Router, but my requirement, a VPN user who ever logs in i wanted that information in the TACACS ACCOUNTING

kaachary · ‎03-13-2007

Hi Ananda,

This should solve your purpose.

http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455af8.html

*Please rate if helped.

-Kanishka

kaachary · ‎03-13-2007

The doc however is for Radius Accounting.