No, the cisco devices do not send command logs via radius. I compiled a
tacacs server and configured it to handle accounting records. I then
used the following to set up aaa on the router:
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting send stop-record authentication failure
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default wait-start group radius
aaa accounting system default start-stop group radius
tacacs-server host 192.168.0.15
tacacs-server key XXXXXXXX
radius-server host 192.168.0.15 auth-port 1812 acct-port 1813 key
XXXXXXXX
radius-server retransmit 3
radius-server vsa send accounting
The tacacs server is avaliable here:
http://www.pro-bono-publico.de/projects/
regards,
Frank Ranner
________________________________
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of satish patel
Sent: Thursday, 22 March 2007 17:33
To: freeradius-users
Subject: freeradius cisco command accounting
Dear's
is there any feature in freeradius provide cisco
command accouning means users run command on cisco router and radius
provide me command log ?? per users i want to replace my tacace with
freeradius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
