[c-nsp] Radius or Tacacs+ for AAA
Asbjorn Hojmark - Lists
Lists at Hojmark.ORG
Tue Mar 14 15:01:13 EST 2006
>> Hmm, you can do 'authorization' with RADIUS by using the
>> enable level and assigning different commands to different
>> levels. The different users can log in to different levels
>> based on the reply from the RADIUS-server.
> Yeap, that's what I'm trying to achieve.
See http://tinyurl.com/axoog
> I know RADIUS was accounting feactires, but if I were to use
> radius with Cisco AAA, will I still be able to keep track of
> details like login/logout time as well as commands executed?
You'll not get 'command accounting', only 'session accounting'.
However, if you have a server collecting configs automatically
at each config change, you'll get more or less the same thing:
Knowledge about what was changed by who, when.
-A
More information about the cisco-nsp
mailing list