Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco router 3620 for Lan authentication and accounting!

There is cisco router 3620 in our Lan which connect the internal users to internet through its four ethernet interfaces plus 16 async modems.

I would like to use router with win2000 to authenticate and do some accounting for Lan users but do not know how? I know there is a plenty of programs for dial-in accounting and authentication and authorization but I do not know any for Lan.

Thanks

Edri

  • Other Security Subjects
5 REPLIES
New Member

Re: Cisco router 3620 for Lan authentication and accounting!

I use win2000 IAS ( bundle with win2000)as radius server and verify users account with NT domain for dial up network.

New Member

Re: Cisco router 3620 for Lan authentication and accounting!

You can use ACS 2.6 with AAA in your Router and you can use this Inside the PIX.

this is for your router

aaa authentication fail-message ^CC Access Denied...Please check your Login nam

e and Password.^C

aaa authentication login default group tacacs+ enable

aaa authentication ppp default group tacacs+

aaa accounting exec default wait-start group tacacs+

aaa accounting network default wait-start group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

this for your asyn interface

interface Async43

description Access to Corp - M21-A11 - Tel: 555-5555

ip unnumbered Ethernet0/0

no ip directed-broadcast

encapsulation ppp

ip tcp header-compression passive

async dynamic routing

async mode interactive

peer default ip address pool cisco

no cdp enable

ppp authentication pap

you have to install the ACS2.6 on NT2000 server

tacacs-server host 172.xxx.xxx.18

tacacs-server key 123

and this for your PIX

tacacs-server (inside) host 172.xxx.xxx.18 123 timeout 5

aaa authentication any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa authentication telnet console tacacs+

aaa authentication any dmz1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa accounting any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa accounting any dmz1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

Hope this help!

New Member

Re: Cisco router 3620 for Lan authentication and accounting!

Thank you very much for the guidance.

But the problem is we do not have any pix device.

regards,

New Member

Re: Cisco router 3620 for Lan authentication and accounting!

don´t worry omit the PIX´s configuration and use the rest, its work very well!

New Member

Re: Cisco router 3620 for Lan authentication and accounting!

Is this worth doing?

174
Views
0
Helpful
5
Replies
This widget could not be displayed.