cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2511
Views
0
Helpful
5
Replies

Cisco router 3620 for Lan authentication and accounting!

medri
Level 1
Level 1

There is cisco router 3620 in our Lan which connect the internal users to internet through its four ethernet interfaces plus 16 async modems.

I would like to use router with win2000 to authenticate and do some accounting for Lan users but do not know how? I know there is a plenty of programs for dial-in accounting and authentication and authorization but I do not know any for Lan.

Thanks

Edri

5 Replies 5

henry_banh
Level 1
Level 1

I use win2000 IAS ( bundle with win2000)as radius server and verify users account with NT domain for dial up network.

sergio.lewis
Level 1
Level 1

You can use ACS 2.6 with AAA in your Router and you can use this Inside the PIX.

this is for your router

aaa authentication fail-message ^CC Access Denied...Please check your Login nam

e and Password.^C

aaa authentication login default group tacacs+ enable

aaa authentication ppp default group tacacs+

aaa accounting exec default wait-start group tacacs+

aaa accounting network default wait-start group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

this for your asyn interface

interface Async43

description Access to Corp - M21-A11 - Tel: 555-5555

ip unnumbered Ethernet0/0

no ip directed-broadcast

encapsulation ppp

ip tcp header-compression passive

async dynamic routing

async mode interactive

peer default ip address pool cisco

no cdp enable

ppp authentication pap

you have to install the ACS2.6 on NT2000 server

tacacs-server host 172.xxx.xxx.18

tacacs-server key 123

and this for your PIX

tacacs-server (inside) host 172.xxx.xxx.18 123 timeout 5

aaa authentication any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa authentication telnet console tacacs+

aaa authentication any dmz1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa accounting any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

aaa accounting any dmz1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tacacs+

Hope this help!

Thank you very much for the guidance.

But the problem is we do not have any pix device.

regards,

don´t worry omit the PIX´s configuration and use the rest, its work very well!

rmeagher
Level 1
Level 1

Is this worth doing?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: