03-23-2010 02:38 PM - edited 02-21-2020 03:54 AM
For auditing purposes I want to use SNMP traps to account for PPPoE users on a router? I don't see a way to do this. Is is possible? If not, what's the best way to go about this?
Solved! Go to Solution.
03-24-2010 04:22 PM
"snmp-server enable traps pppoe" doesn't provide that typo of info, nor do I think it should anyway. OTOH, if you configure "aaa accounting" globally or "ppp accounting" per interface, the NAS (your rtr) can report such user info to the AAA (RADIUS or TACACS) backend:
rtr# show accounting
Active Accounted actions on tty0, User (not logged in) Priv 1
Task ID 1, EXEC Accounting record, 00:35:16 Elapsed
task_id=1 service=shell
Active Accounted actions on tty33, User ellie Priv 1
Task ID 16, EXEC Accounting record, 00:00:17 Elapsed
task_id=16 service=shell
Active Accounted actions on Interface Async33, User tom Priv 1
Task ID 17, Network Accounting record, 00:00:13 Elapsed
task_id=17 service=ppp protocol=ip addr=10.0.0.1
Then it's a matter of instrumenting a solution on the AAA server to alert/report however you want for the auditors. I'd think SNMP trap wouldn't be the first choice as the delivery mechanism in that case, as there're far more straight-forward options on a server.
Alternatively, If you believe such info can be obtained with some show commands on the router itself, and the router supports EEM, I'd suggest seeking a potential EEM-based solution over in the other Network Management forum (https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management), which can certainly generate SNMP trap accordingly.
03-24-2010 10:53 AM
What do you mean by "account for PPPoE users"? Send a trap every time a PPPoE user signs on or off?
03-24-2010 11:13 AM
Yes, I'm looking for username, IP address, and time signed on/off.
03-24-2010 04:22 PM
"snmp-server enable traps pppoe" doesn't provide that typo of info, nor do I think it should anyway. OTOH, if you configure "aaa accounting" globally or "ppp accounting" per interface, the NAS (your rtr) can report such user info to the AAA (RADIUS or TACACS) backend:
rtr# show accounting
Active Accounted actions on tty0, User (not logged in) Priv 1
Task ID 1, EXEC Accounting record, 00:35:16 Elapsed
task_id=1 service=shell
Active Accounted actions on tty33, User ellie Priv 1
Task ID 16, EXEC Accounting record, 00:00:17 Elapsed
task_id=16 service=shell
Active Accounted actions on Interface Async33, User tom Priv 1
Task ID 17, Network Accounting record, 00:00:13 Elapsed
task_id=17 service=ppp protocol=ip addr=10.0.0.1
Then it's a matter of instrumenting a solution on the AAA server to alert/report however you want for the auditors. I'd think SNMP trap wouldn't be the first choice as the delivery mechanism in that case, as there're far more straight-forward options on a server.
Alternatively, If you believe such info can be obtained with some show commands on the router itself, and the router supports EEM, I'd suggest seeking a potential EEM-based solution over in the other Network Management forum (https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management), which can certainly generate SNMP trap accordingly.
03-25-2010 10:31 AM
Thanks. That answers my question. -Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide