[j-nsp] Re: AAA on ERX to Cisco Secure ACS

Peter Lundqvist plundqvi at juniper.net
Mon Aug 1 11:39:55 EDT 2005


Of course it does TACACS accounting


17:37 lunkan at emanuel:~) ssh 192.168.0.66
User Access Verification
Username: erx
Password: ***
Logged in on vty 0 via SSH.
Copyright (c) 1999-2005 Juniper Networks, Inc.  All rights reserved.

erx#sh subc

erx#sh subscrib
erx#sh subscribers
                              Subscriber List
                              ---------------
                                                             Virtual
        User Name           Type         Addr|Endpt           Router
------------------------   -----   --------------------   ------------
lunkan_ppp at lunkan.net      tnl     1.1.1.5/l2tp           default
        User Name                      Interface
------------------------   --------------------------------
lunkan_ppp at lunkan.net      FastEthernet 2/3
        User Name               Login Time
------------------------   -------------------
lunkan_ppp at lunkan.net      05/08/01 17:37:46

erx#


Tacacs server
--------------
(17:36 lunkan at emanuel:/var/tmp) tail -f tacacs.acct
Mon Aug  1 17:37:06 2005        192.168.0.66    erx     vty0 192.168.0.99    start   task_id=17826329        timezone=UTC service=shell
Mon Aug  1 17:37:09 2005        192.168.0.66    erx     vty0 192.168.0.99    stop    task_id=17826331        timezone=UTC service=shell       priv-lvl=0      cmd=exit <cr>
Mon Aug  1 17:37:09 2005        192.168.0.66    erx     vty0 192.168.0.99    stop    task_id=17826329        timezone=UTC service=shell       elapsed_time=3
Mon Aug  1 17:37:52 2005        192.168.0.66    erx     vty0 192.168.0.200   start   task_id=17826336        timezone=UTC service=shell
Mon Aug  1 17:38:02 2005        192.168.0.66    erx     vty0 192.168.0.200   stop    task_id=17826338        timezone=UTC service=shell       priv-lvl=5      cmd=show subscribers <cr>








Thomas, Steven wrote:
> In my experience, the ERX does not do TACACS accounting.  At least not
> in the Cisco sense.  Assuming that you're wanting command line
> accounting, you have to use syslog.  You can get CLI logging turned on
> and sent to a syslog server with the following commands:
> 
>  log destination syslog 10.38.232.16 facility 7 severity debug
>  log severity info cliCommand
> 
> 
> 
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Kim Onnel
> Sent: Sunday, July 31, 2005 5:21 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Re: AAA on ERX to Cisco Secure ACS
> 
> Hello, I have asked this question before, I would appreciate any tips
> about it.
> 
> Regards
> 
> On 6/28/05, Kim Onnel <karim.adel at gmail.com> wrote:
> 
>>Hello,
>>
>>We have a c vendor based network, Juniper is stepping in, we started with
>>an ERX and our TACACS is done from a Cisco Secure ACS software, it's an old
>>version (3.1), I would like to be able to receive accounting and do
>>authorization from there, the authentication is working though, has anyone
>>had any experience with this, how do I make the ACS Juniper-enabled?
>>
>>Regards
>>
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 


-- 
Peter Lundqvist - Beta Engineering
Juniper Networks
Mobile: +46702060472
URL   : http://www.juniper.net
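
Added example, not part of the original message and not Juniper or TACACS+ server code: a Python parser for accounting records of the shape shown in the tacacs.acct output above, listing the commands each user ran and any shell session that has a start record but no stop. The tab-separated field layout and all function names are assumptions.

```python
# Added example. SAMPLE repeats the tacacs.acct records shown in the message,
# one per line; tab-separated fields are an assumption about the file format.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("Mon Aug  1 17:37:06 2005", "192.168.0.66", "erx", "vty0", "192.168.0.99",
     "start", "task_id=17826329", "timezone=UTC", "service=shell"),
    ("Mon Aug  1 17:37:09 2005", "192.168.0.66", "erx", "vty0", "192.168.0.99",
     "stop", "task_id=17826331", "timezone=UTC", "service=shell", "priv-lvl=0", "cmd=exit <cr>"),
    ("Mon Aug  1 17:37:09 2005", "192.168.0.66", "erx", "vty0", "192.168.0.99",
     "stop", "task_id=17826329", "timezone=UTC", "service=shell", "elapsed_time=3"),
    ("Mon Aug  1 17:37:52 2005", "192.168.0.66", "erx", "vty0", "192.168.0.200",
     "start", "task_id=17826336", "timezone=UTC", "service=shell"),
    ("Mon Aug  1 17:38:02 2005", "192.168.0.66", "erx", "vty0", "192.168.0.200",
     "stop", "task_id=17826338", "timezone=UTC", "service=shell", "priv-lvl=5", "cmd=show subscribers <cr>"),
])

def parse_record(line):
    """Split one line into the six fixed fields plus attribute=value pairs."""
    f = [x.strip() for x in line.split("\t") if x.strip()]
    if len(f) < 6 or f[5] not in ("start", "stop", "update"):
        return None  # not an accounting record: skip it rather than guess
    avs = dict(x.split("=", 1) for x in f[6:] if "=" in x)
    return dict(zip(("time", "nas", "user", "port", "remote", "kind"), f), avs=avs)

def parse_all(text):
    return [r for r in map(parse_record, text.splitlines()) if r]

def commands(records):
    """Command accounting: stop records that carry a cmd attribute."""
    return [(r["time"], r["user"], r["remote"], int(r["avs"].get("priv-lvl", -1)),
             r["avs"]["cmd"].replace("<cr>", "").strip())
            for r in records if r["kind"] == "stop" and "cmd" in r["avs"]]

def open_sessions(records):
    """Shell sessions with a start record but no stop for the same task_id."""
    started = {}
    for r in records:
        if "cmd" in r["avs"]:
            continue  # in these records each command carries its own task_id
        if r["kind"] == "start":
            started[r["avs"].get("task_id")] = r
        elif r["kind"] == "stop":
            started.pop(r["avs"].get("task_id"), None)
    return list(started.values())

if __name__ == "__main__":
    recs = parse_all(SAMPLE)
    for c in commands(recs):
        print("command:", c)
    for s in open_sessions(recs):
        print("open session:", s["user"], s["remote"], s["avs"]["task_id"])
```
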

