07-06-2007 01:00 AM - edited 03-10-2019 03:15 PM
Dear All;
I want to set accounting of PIX.
The equipment composition is as follows.
ACS SE : 4.1.1.23.5
PIX 515E : 7.0(6)
PIX setting is as follows.
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ host xx.xx.xx.xx
key xxxxx
aaa accounting command TACACS+
aaa accounting telnet console TACACS+
As a result, configuration parameter was written in ACS.
But User-Name is enable_15.(attached 1.jpg)
Is this a restriction??
Regards,
Reiji
Solved! Go to Solution.
07-06-2007 01:07 AM
Hi Reji,
Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.
Configure the following command to make it work.
aaa authentication enable console tacacs+ LOCAL
HTH
-Parminder
07-06-2007 01:07 AM
Hi Reji,
Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.
Configure the following command to make it work.
aaa authentication enable console tacacs+ LOCAL
HTH
-Parminder
07-06-2007 01:52 AM
Hi,
Thank you for your reply.
It succeeded when having immediately tested!!
Best Regards,
Reiji
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: