Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Access Registrar (CAR) proxy accounting

Can anyone help me with a step by step example on how I could set-up a user account, so as when used accounting session to be dublicated (or forwarded) to another host? Authentication and authorisation will remain local.

Thanks...

4 REPLIES
New Member

Re: Cisco Access Registrar (CAR) proxy accounting

I think you want to store the accounting record locally and also forward it to another RADIUS server. If so, you need to leverage the AR service grouping feature:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_0/users/features.htm#1025371

One of the 'group' services will need to be a 'local' file service:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_0/concepts/accountg.htm

to do local accounting. The other group service will be a RADIUS one, for RADIUS forwarding.

New Member

Re: Cisco Access Registrar (CAR) proxy accounting

The above links do describe on hoe to use local and remote proxy. My need is a bit different. I need remote proxy on specific usernames or NAS clients. To be more specific, assume that my "DefaultAccountingService~ = local-file ". I also created another sevice called local-file-acct (using the example above) that logs to a file and forwards the acct to a remote host. I then tried to create a TCL script so as, when a username is userA or userB to set Accounting to local-file-acct

proc tProxyAcct {request response environ} {

if { [ string compare [ $environ get User-Name ] "userA" ] == 0 ||

[ string compare [ $environ get User-Name ] "userB" ] ==0 } {

$environ put Authorization-Service "local-file-acct"

}

}

I then apply this to an incoming client.

Any ideas? Where can someone fing tcl resources fir CAR? does TCL run on CAR by default, or do I have to install?

New Member

Re: Cisco Access Registrar (CAR) proxy accounting

You're on the right track. In your example, you need to set the Accounting-Service and not the Authorization-Service.

Yes, the TCL will run without additional configuration, etc. For more information and TCL examples, see:

http://www.cisco.com/warp/public/cc/pd/nemnsw/accreg/prodlit/carcs_wp.htm

New Member

Re: Cisco Access Registrar (CAR) proxy accounting

Yes, you are right. It was something very easy and obvious after all.. I should have get username value from request packets not environment. Here is the correct one...

proc tProxyAcct {request response environ} {

if { [ string compare [ $request get User-Name ] "userA" ] == 0 ||

[ string compare [ $environ get User-Name ] "userB" ] ==0 } {

$environ put Accounting-Service "local-file-acct"

}

}

258
Views
4
Helpful
4
Replies
CreatePlease to create content