03-02-2009 01:42 AM - edited 03-10-2019 04:21 PM
I am looking for a similar configuration for my Cisco PIX & ASA to configure with Cisco ACS, with the below said commands I could able track what command a user has entered on the switches/router. Any help is highly appreciated for me to configure in PIX & ASA.
aaa new-model
aaa authentication login default group tacacs+ enable local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
03-02-2009 06:32 AM
ASA/PIX/FWSM Configuration
PIX 6.2 : Authentication and Authorization Command Configuration Example
03-03-2009 04:49 AM
Thanks for the response. But this also does accounting like the command whats ever I enter will be listed in the "Report Activity" in the Cisco ACS?
03-03-2009 07:50 AM
The commands that you enter will be shown on either Tacacs Administration or Command accounting, it depends on what version of ACS you have. As the lines needed for command accounting you need to enter pretty much this:
aaa accounting command
Note command accounting only works with TACACS.
03-06-2009 02:49 PM
aaa-server protocol test
aaa-server host .. key...
and all commands should be same
03-07-2009 10:07 AM
Let me give a try on Monday :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide