Solved: Configuration of tacacs and AAA accounting + PIX-515E

r.ogawa · ‎07-06-2007

Dear All;

I want to set accounting of PIX.

The equipment composition is as follows.

ACS SE : 4.1.1.23.5

PIX 515E : 7.0(6)

PIX setting is as follows.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ host xx.xx.xx.xx

key xxxxx

aaa accounting command TACACS+

aaa accounting telnet console TACACS+

As a result, configuration parameter was written in ACS.

But User-Name is enable_15.(attached 1.jpg)

Is this a restriction??

Regards,

Reiji

parmsing · ‎07-06-2007

Hi Reji,

Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.

Configure the following command to make it work.

aaa authentication enable console tacacs+ LOCAL

HTH

-Parminder

View solution in original post

parmsing · ‎07-06-2007

Hi Reji,

Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.

Configure the following command to make it work.

aaa authentication enable console tacacs+ LOCAL

HTH

-Parminder

r.ogawa · ‎07-06-2007

Hi,

Thank you for your reply.

It succeeded when having immediately tested!!

Best Regards,

Reiji