• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

AAA Radius Accounting on PIX Firewall

J

jlazzaro

Golden Member
I have SBR setup on all the routers/firewalls, they all authenticate fine with no problems. However, I would like to know who is logged into what via the SBR Administration Current Sessions. I have a 3Com HiPer ARC setup with accounting and I can view the sessions no problem, but this is not true for any of the cisco routers/firewalls...

On the Firewalls, I have:
aaa accounting include any outbound 0 0 0 0 RADIUS

On the Routers, I have:
aaa accounting connection acct-list start-stop group radius
line vty 0 4
accounting connection acct-list

Even with these commands, I am not seeing any Accounting from the Cisco's in the SBR log file. Are these commands correct for viewing current telnet sessions? Thanks!
 
steel belted radius...

authentication for telnet logins are working fine, i am trying to add the accounting info so it sends start/stop packets to the radius server when people authenticate or logoff . This way i can see who is logged onto what device, when, for how long, ect...
 
what do you mean by "logged into the device" because it is very important.

do you mean people who connect to a VTY line? Or do you mean other forms of authentication like forcing authentication for being allowed to the internet?

What versions of IOS? What versions of PIX? What version of the radius software?

all this is very important.
 
well that is for connection accounting - connections made from the device itself.

what you want is exec (or shell) accounting.

search cisco for it, I'm sure there is plenty.

I think it is something like

aaa accounting exec default start-stop <method list>

-edit-
I just poked around. Don't think that is supported on the PIX with radius. have to use TACACS+.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top