
PIX- shell authorization and accounting

Unanswered Question

Hi,


I've configured my PIX to make a telnet authentication with a TACACS ACS server, now I've configured this to take a per user authorization for the exec commands and works fine but:

When the ACS goes down nobody can type a command, the PIX says "authorization failed"?

Is there a method to specify a local authorization when the ACS is unreachable?

Are there some commands to account for the commands typed by the users?


Thanks VM

Graz.


yusuff Sat, 07/06/2002 - 01:37
User Badges: Cisco Employee

There is no fallback, so if TACACS goes down, no LOCAL.


There is no actual command accounting available, but by having syslog activated on the PIX, it will show who did what, as shown in the following example:


307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

611103: User logged out: Uname: pixtest

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

502103: User priv level changed: Uname: pixtest From: 1 To: 15

111008: User 'pixtest' executed the 'enable' command.

111007: Begin configuration: 172.18.124.111 reading from terminal

111008: User 'pixtest' executed the 'configure t' command.

111008: User 'pixtest' executed the 'write t' command.


R/Yusuf
