From: abdul_rahim@xxxxxxxxxxxxxx
Date: Mon Oct 09 2000 - 00:07:28 GMT-3
Thanks. I also changed the aaa accounting connection default start-stop
tacacs+
I see the following log output on the AS5200 when I make a network
connection from the dial in client
Oct 9 03:01:15: %SEC-6-IPACCESSLOGP: list 101 permitted udp 146.184.31.26(0) 146.184.31.206(0), 1 packet
.Oct 9 02:59:36: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 146.184.31.26 146.184.31.75 (0/0), 1 packet
.Oct 9 03:06:02: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 146.184.31.26 -> 146.184.74.60 (0/0), 1 packet
But I can't find this logging on the Cisco Secure anywhere.
Is this accounting information being successfully sent to the Cisco Secure? If yes,
then what do I have to enable on Cisco Secure to see it?
I was using debug aaa accounting
Thanks and waiting for your feedback
Thanks
Abdul
"Granofsky, Aaron" <AGranofsky@bns.nec.com>@groupstudy.com on 10/08/2000
10:03:51 AM
Please respond to "Granofsky, Aaron" <AGranofsky@bns.nec.com>
Sent by: nobody@groupstudy.com
To: abdul_rahim@ccsi.canon.com
"Granofsky, Aaron" <AGranofsky@bns.nec.com>
cc: ccielab@groupstudy.com
Subject: RE: Question regarding Cisco Secure and AS5200 server
Abdul,
The end of this command is why you're not seeing connections in your
tacacs log:
aaa accounting connection default start-stop *radius*
As to the rest I'm not sure.
Try debugging the following:
debug aaa authe
debug aaa autho
debug aaa acc
debug tacacs
The output isn't too esoteric, and should help tell you what's happening.
You can also stop the cstacacs service and run it on the command line. (The
executable is in the cstacacs directory.) This will tell you if the NAS
output is getting to CSNT.
Hope this helps,
Aaron
-----Original Message-----
From: abdul_rahim@ccsi.canon.com [mailto:abdul_rahim@ccsi.canon.com]
Sent: Thursday, September 28, 2000 8:47 PM
To: Granofsky, Aaron
Cc: abdul_rahim@ccsi.canon.com; ccielab@groupstudy.com
Subject: RE: Question regarding Cisco Secure and AS5200 server
I have already given the following commands on my AS5200 server
aaa new-model
aaa authentication login default local tacacs+ enable
aaa authentication login no_tacacs+ local
aaa authentication ppp default local tacacs+
aaa authorization exec default local tacacs+ if-authenticated
aaa authorization network default local tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop radius
aaa accounting system default start-stop tacacs+
But In the TACACS+ accounting log I see the following logs
09/28/2000 20:05:44 mwolf Remote Allowed async stop 467 ppp .. 62340 132916
604 661 47461 172.16.2.247 Async10 146.184.72.6 .. 970196277 .. .. .. ..
PPP 6 2 ip .. 1 .. ..
09/28/2000 20:01:00 mwolf Remote Allowed .. NAS Reset 184 .. .. .. .. .. ..
47461 .. Async10 146.184.72.6 .. .. .. .. .. .. .. .. .. .. .. .. .. ..
09/28/2000 19:57:56 mwolf Remote Allowed async start .. ppp .. .. .. .. ..
47461 .. Async10 146.184.72.6 .. 970196277 .. .. .. .. PPP 6 2 .. .. 1 ..
..
09/28/2000 19:56:49 mwolf Remote Allowed async stop 25 ppp .. 38553 7468
130
I never see a connect accts-flags and never do I see a service other than
ppp
Thanks in advance if someone can help me on it
Abdul
"Granofsky, Aaron" <AGranofsky@bns.nec.com> on 09/28/2000 11:07:15 AM
To: abdul_rahim@ccsi.canon.com
ccielab@groupstudy.com
cc:
Subject: RE: Question regarding Cisco Secure and AS5200 server
Abdul,
The following statements are required on the router for the telnet session:
aaa authentication login default tacacs+
aaa authorization exec tacacs+
aaa accounting exec start-stop tacacs+
On CSNT click on Shell(Exec) under the group profile.
If you add these commands you can also do AAA on the commands that are
entered:
aaa authorization commands <0-15> tacacs+
aaa accounting commands start-stop tacacs+
To support command AAA on CSNT do the following within the group profile:
assign a privilege level to the group
(optional) select the command box, and permit or deny any commands
Hope this helps,
Aaron
-----Original Message-----
From: abdul_rahim@ccsi.canon.com [mailto:abdul_rahim@ccsi.canon.com]
Sent: Thursday, September 21, 2000 11:37 AM
To: ccielab@groupstudy.com
Subject: Question regarding Cisco Secure and AS5200 server
Hi all
Can we log the connections ( telnet ) the dial up user makes after he gets
authenticated by TACACS+ ( Cisco secure )
If yes then what are the necessary steps needed both on the AS5200 Server
and the Cisco Secure for NT software as well
I did find that aaa accounting connection command but it doesn't show me
anything on the Cisco Secure
Can anybody help me on it
Thanks
Abdul Rahim
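
An added example, not part of the original thread or of any Cisco tool: a Python check for the mismatch pointed out above, where one accounting type is sent to a different method than the TACACS+ server. The function name, the choice of expected method and the sample configuration (the accounting lines quoted in the thread) are assumptions of this example; it only understands the method-list form of the command.

```python
import re

# Constructed sample: AAA lines as quoted in the thread
# (accounting connection still points at radius).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local tacacs+ enable
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop radius
aaa accounting system default start-stop tacacs+
"""

# aaa accounting <type> [<level>] <list-name> <mode> <method> [<method> ...]
ACCT_RE = re.compile(
    r"^aaa accounting (?P<type>exec|network|connection|system|commands)"
    r"(?: (?P<level>\d+))?"
    r" (?P<list>\S+) (?P<mode>start-stop|stop-only|wait-start|none)"
    r"(?P<methods>(?: \S+)*)$"
)

def audit_accounting(config, expected="tacacs+",
                     wanted=("exec", "network", "connection", "system")):
    """Return (type, problem) pairs for accounting that will not reach `expected`."""
    seen, findings = set(), []
    for line in config.splitlines():
        m = ACCT_RE.match(line.strip())
        if not m:
            continue  # not a method list, e.g. 'aaa accounting update newinfo'
        kind = m["type"]
        seen.add(kind)
        # Newer IOS writes 'group tacacs+'; drop the keyword before comparing.
        methods = [t for t in m["methods"].split() if t != "group"]
        if m["mode"] == "none" or not methods:
            findings.append((kind, "accounting disabled or no method"))
        elif methods[0] != expected:
            findings.append((kind, f"first method is {methods[0]}, not {expected}"))
    for kind in wanted:
        if kind not in seen:
            findings.append((kind, "no accounting method list configured"))
    return findings

if __name__ == "__main__":
    for kind, problem in audit_accounting(SAMPLE_CONFIG):
        print(f"{kind}: {problem}")
```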