[j-nsp] Re: AAA on ERX to Cisco Secure ACS
Thomas, Steven
SThomas at birch.com
Mon Aug 1 11:50:49 EDT 2005
I stand corrected. What code version is that? Its been a while since I
tried it, maybe I just didn't have the aaa statements right.
-----Original Message-----
From: Peter Lundqvist [mailto:plundqvi at juniper.net]
Sent: Monday, August 01, 2005 10:40 AM
To: Thomas, Steven
Cc: Kim Onnel; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Re: AAA on ERX to Cisco Secure ACS
Of course it do Tacacs accounting
17:37 lunkan at emanuel:~) ssh 192.168.0.66
User Access Verification
Username: erx
Password: ***
Logged in on vty 0 via SSH.
Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved.
erx#sh subc
erx#sh subscrib
erx#sh subscribers
Subscriber List
---------------
Virtual
User Name Type Addr|Endpt Router
------------------------ ----- -------------------- ------------
lunkan_ppp at lunkan.net tnl 1.1.1.5/l2tp default
User Name Interface
------------------------ --------------------------------
lunkan_ppp at lunkan.net FastEthernet 2/3
User Name Login Time
------------------------ -------------------
lunkan_ppp at lunkan.net 05/08/01 17:37:46
erx#
Tacacs server
--------------
(17:36 lunkan at emanuel:/var/tmp) tail -f tacacs.acct
Mon Aug 1 17:37:06 2005 192.168.0.66 erx vty0
192.168.0.99 start task_id=17826329 timezone=UTC
service=shell
Mon Aug 1 17:37:09 2005 192.168.0.66 erx vty0
192.168.0.99 stop task_id=17826331 timezone=UTC
service=shell priv-lvl=0 cmd=exit <cr>
Mon Aug 1 17:37:09 2005 192.168.0.66 erx vty0
192.168.0.99 stop task_id=17826329 timezone=UTC
service=shell elapsed_time=3
Mon Aug 1 17:37:52 2005 192.168.0.66 erx vty0
192.168.0.200 start task_id=17826336 timezone=UTC
service=shell
Mon Aug 1 17:38:02 2005 192.168.0.66 erx vty0
192.168.0.200 stop task_id=17826338 timezone=UTC
service=shell priv-lvl=5 cmd=show subscribers <cr>
Thomas, Steven wrote:
> In my experience, the ERX does not do TACACs accounting. At least not
> in the Cisco sense. Assuming that you're wanting command line
> accounting, you have to use syslog. You can get CLI logging turned on
> and sent to a syslog server with the following commands:
>
> log destination syslog 10.38.232.16 facility 7 severity debug
> log severity info cliCommand
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Kim Onnel
> Sent: Sunday, July 31, 2005 5:21 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Re: AAA on ERX to Cisco Secure ACS
>
> Hello, i have asked this question before, i would appreciate any tips
> about
> it.
>
> Regards
>
> On 6/28/05, Kim Onnel <karim.adel at gmail.com> wrote:
>
>>Hello,
>>
>>We have a c vendor based network, juniper is stepping in, we started
>
> with
>
>>an ERX and our TACACS is done from a Cisco Secure ACS software, its an
>
> old
>
>>version (3.1), i would like to be able to receive accounting and do
>>authorzation from there, the authentication is working though, has
>
> anyone
>
>>had any experience with this, how do i make the ACS juniper-enabled ?
>>
>>Regards
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
--
Peter Lundqvist - Beta Engineering
Juniper Networks
Mobile: +46702060472
URL : http://www.juniper.net
More information about the juniper-nsp
mailing list