[c-nsp] Radius or Tacacs+ for AAA
Lawrence Wong
lawrencewong72 at yahoo.com
Tue Mar 14 02:18:11 EST 2006
--- Asbjorn Hojmark - Lists <Lists at Hojmark.ORG> wrote:
> >> In particular I would like to be able to control
> the
> >> commands/configuration that various users/groups
> can
> >> perform as well as recording the activities.
> Ability
> >> to work with token systems (RSA, etc) would be a
> >> bonus.
>
> > Command accounting/authorization capabilities on
> Cisco devices
> > is only implemented using Tacacs+, so the answer
> regarding the
> > protocol is simple.
>
> Hmm, you can do 'authorization' with RADIUS by using
> the enable
> level and assigning different commands to different
> levels. The
> different users can log in to different levels based
> on the
> reply from the RADIUS-server.
Yeap, that's what I'm trying to achieve.
I know RADIUS was accounting feactires, but if I were
to use radius with Cisco AAA, will I still be able to
keep track of details like login/logout time as well
as commands executed?
TIA!
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the cisco-nsp
mailing list