Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Configuration of tacacs and AAA accounting + PIX-515E

Dear All;

I want to set accounting of PIX.

The equipment composition is as follows.

ACS SE : 4.1.1.23.5

PIX 515E : 7.0(6)

PIX setting is as follows.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ host xx.xx.xx.xx

key xxxxx

aaa accounting command TACACS+

aaa accounting telnet console TACACS+

As a result, configuration parameter was written in ACS.

But User-Name is enable_15.(attached 1.jpg)

Is this a restriction??

Regards,

Reiji

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Configuration of tacacs and AAA accounting + PIX-515E

Hi Reji,

Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.

Configure the following command to make it work.

aaa authentication enable console tacacs+ LOCAL

HTH

-Parminder

2 REPLIES
Community Member

Re: Configuration of tacacs and AAA accounting + PIX-515E

Hi Reji,

Seems like we have command authorization configured on the pix. You must have enable authentication configured from the tacacs server then only we would get username is accounting, unlike IOS device pix does not send username to tacacs server, it would send enable_15 as username for all the users.

Configure the following command to make it work.

aaa authentication enable console tacacs+ LOCAL

HTH

-Parminder

Community Member

Re: Configuration of tacacs and AAA accounting + PIX-515E

Hi,

Thank you for your reply.

It succeeded when having immediately tested!!

Best Regards,

Reiji

702
Views
0
Helpful
2
Replies
CreatePlease to create content