[j-nsp] Re: AAA on ERX to Cisco Secure ACS
Peter Lundqvist
plundqvi at juniper.net
Mon Aug 1 11:54:08 EDT 2005
Not corrected, just an add...
Honestly I prefer syslog any day for any logging, much easier to use
with scripting etc...
Thomas, Steven wrote:
> I stand corrected. What code version is that? It's been a while since I
> tried it, maybe I just didn't have the aaa statements right.
>
> -----Original Message-----
> From: Peter Lundqvist [mailto:plundqvi at juniper.net]
> Sent: Monday, August 01, 2005 10:40 AM
> To: Thomas, Steven
> Cc: Kim Onnel; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Re: AAA on ERX to Cisco Secure ACS
>
>
> Of course it does TACACS accounting
>
>
> 17:37 lunkan at emanuel:~) ssh 192.168.0.66
> User Access Verification
> Username: erx
> Password: ***
> Logged in on vty 0 via SSH.
> Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved.
>
> erx#sh subc
>
> erx#sh subscrib
> erx#sh subscribers
> Subscriber List
> ---------------
> Virtual
> User Name Type Addr|Endpt Router
> ------------------------ ----- -------------------- ------------
> lunkan_ppp at lunkan.net tnl 1.1.1.5/l2tp default
> User Name Interface
> ------------------------ --------------------------------
> lunkan_ppp at lunkan.net FastEthernet 2/3
> User Name Login Time
> ------------------------ -------------------
> lunkan_ppp at lunkan.net 05/08/01 17:37:46
>
> erx#
>
>
> Tacacs server
> --------------
> (17:36 lunkan at emanuel:/var/tmp) tail -f tacacs.acct
> Mon Aug 1 17:37:06 2005 192.168.0.66 erx vty0
> 192.168.0.99 start task_id=17826329 timezone=UTC
> service=shell
> Mon Aug 1 17:37:09 2005 192.168.0.66 erx vty0
> 192.168.0.99 stop task_id=17826331 timezone=UTC
> service=shell priv-lvl=0 cmd=exit <cr>
> Mon Aug 1 17:37:09 2005 192.168.0.66 erx vty0
> 192.168.0.99 stop task_id=17826329 timezone=UTC
> service=shell elapsed_time=3
> Mon Aug 1 17:37:52 2005 192.168.0.66 erx vty0
> 192.168.0.200 start task_id=17826336 timezone=UTC
> service=shell
> Mon Aug 1 17:38:02 2005 192.168.0.66 erx vty0
> 192.168.0.200 stop task_id=17826338 timezone=UTC
> service=shell priv-lvl=5 cmd=show subscribers <cr>
>
> Thomas, Steven wrote:
>
>>In my experience, the ERX does not do TACACS accounting. At least not
>>in the Cisco sense. Assuming that you're wanting command line
>>accounting, you have to use syslog. You can get CLI logging turned on
>>and sent to a syslog server with the following commands:
>>
>> log destination syslog 10.38.232.16 facility 7 severity debug
>> log severity info cliCommand
>>
>>
>>
>>-----Original Message-----
>>From: juniper-nsp-bounces at puck.nether.net
>>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Kim Onnel
>>Sent: Sunday, July 31, 2005 5:21 AM
>>To: juniper-nsp at puck.nether.net
>>Subject: [j-nsp] Re: AAA on ERX to Cisco Secure ACS
>>
>>Hello, I have asked this question before, I would appreciate any tips
>>about it.
>>
>>Regards
>>
>>On 6/28/05, Kim Onnel <karim.adel at gmail.com> wrote:
>>
>>
>>>Hello,
>>>
>>>We have a c vendor based network, Juniper is stepping in, we started with
>>>an ERX and our TACACS is done from a Cisco Secure ACS software, it's an old
>>>version (3.1), I would like to be able to receive accounting and do
>>>authorization from there, the authentication is working though, has anyone
>>>had any experience with this, how do I make the ACS juniper-enabled?
>>>
>>>Regards
>>>
>>
>>_______________________________________________
>>juniper-nsp mailing list juniper-nsp at puck.nether.net
>>http://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
--
Peter Lundqvist - Beta Engineering
Juniper Networks
Mobile: +46702060472
URL : http://www.juniper.net
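
The thread above turns on which log is easiest to script against. As an added example (not from the posters, Juniper or the TACACS server's own code), the following parses accounting records shaped like the quoted tacacs.acct output into a per-command audit trail and a list of shell sessions that have a start but no stop. It assumes one tab-separated record per line; the field names and function names are chosen here.

```python
from datetime import datetime

# Constructed sample: the five records quoted in the thread, re-joined to one
# line each and tab-separated (assumed layout; the mail wrapped them).
_NAS = "192.168.0.66\terx\tvty0\t"
SAMPLE = [
    "Mon Aug 1 17:37:06 2005\t" + _NAS + "192.168.0.99\tstart\ttask_id=17826329\ttimezone=UTC\tservice=shell",
    "Mon Aug 1 17:37:09 2005\t" + _NAS + "192.168.0.99\tstop\ttask_id=17826331\ttimezone=UTC\tservice=shell\tpriv-lvl=0\tcmd=exit <cr>",
    "Mon Aug 1 17:37:09 2005\t" + _NAS + "192.168.0.99\tstop\ttask_id=17826329\ttimezone=UTC\tservice=shell\telapsed_time=3",
    "Mon Aug 1 17:37:52 2005\t" + _NAS + "192.168.0.200\tstart\ttask_id=17826336\ttimezone=UTC\tservice=shell",
    "Mon Aug 1 17:38:02 2005\t" + _NAS + "192.168.0.200\tstop\ttask_id=17826338\ttimezone=UTC\tservice=shell\tpriv-lvl=5\tcmd=show subscribers <cr>",
]

FIXED = ("nas", "user", "port", "remote", "kind")  # field names chosen here


def parse_record(line):
    """Split one accounting line into fixed fields plus attribute=value pairs."""
    ts, *rest = line.rstrip("\n").split("\t")
    if len(rest) < len(FIXED):
        raise ValueError(f"short record: {line!r}")
    rec = dict(zip(FIXED, rest))
    rec["time"] = datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")
    # Split on the first '=' only, so a command line keeps any '=' it contains.
    rec["attrs"] = dict(f.split("=", 1) for f in rest[len(FIXED):] if "=" in f)
    return rec


def audit(lines):
    """Return (commands, open_sessions) from an iterable of accounting lines."""
    commands, open_sessions = [], {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        attrs = rec["attrs"]
        key = (rec["nas"], attrs.get("task_id"))
        if "cmd" in attrs:  # per-command record, logged with its own task_id
            cmd = attrs["cmd"].removesuffix("<cr>").strip()
            priv = int(attrs.get("priv-lvl", -1))
            commands.append((rec["time"], rec["user"], rec["remote"], priv, cmd))
        elif rec["kind"] == "start":
            open_sessions[key] = rec
        elif rec["kind"] == "stop":
            open_sessions.pop(key, None)  # session closed; forget it
    return commands, open_sessions


if __name__ == "__main__":
    cmds, still_open = audit(SAMPLE)
    for when, user, remote, priv, cmd in cmds:
        print(when.isoformat(), user, remote, f"priv={priv}", cmd)
    print("sessions without a stop record:", sorted(still_open))
```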