Configuration of tacacs and AAA accounting + PIX-515E

Answered Question
Jul 6th, 2007
User Badges:

Dear All;


I want to set accounting of PIX.

The equipment composition is as follows.


ACS SE : 4.1.1.23.5

PIX 515E : 7.0(6)


PIX setting is as follows.


aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ host xx.xx.xx.xx

key xxxxx

aaa accounting command TACACS+

aaa accounting telnet console TACACS+


As a result, configuration parameter was written in ACS.

But User-Name is enable_15.(attached 1.jpg)


Is this a restriction??


Regards,

Reiji




Attachment: 
Correct Answer by parmsing about 9 years 11 months ago

Hi Reji,


Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.


Configure the following command to make it work.


aaa authentication enable console tacacs+ LOCAL


HTH

-Parminder

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
parmsing Fri, 07/06/2007 - 01:07
User Badges:

Hi Reji,


Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.


Configure the following command to make it work.


aaa authentication enable console tacacs+ LOCAL


HTH

-Parminder

r.ogawa Fri, 07/06/2007 - 01:52
User Badges:

Hi,


Thank you for your reply.

It succeeded when having immediately tested!!


Best Regards,

Reiji

Actions

This Discussion