[c-nsp] Radius or Tacacs+ for AAA

Asbjorn Hojmark - Lists Lists at Hojmark.ORG
Tue Mar 14 15:01:13 EST 2006


>> Hmm, you can do 'authorization' with RADIUS by using the
>> enable level and assigning different commands to different
>> levels. The different users can log in to different levels
>> based on the reply from the RADIUS-server.

> Yeap, that's what I'm trying to achieve.

See http://tinyurl.com/axoog

> I know RADIUS was accounting feactires, but if I were to use
> radius with Cisco AAA, will I still be able to keep track of
> details like login/logout time as well as commands executed?

You'll not get 'command accounting', only 'session accounting'.
However, if you have a server collecting configs automatically
at each config change, you'll get more or less the same thing:
Knowledge about what was changed by who, when.

-A



More information about the cisco-nsp mailing list