01-13-2014 03:29 AM - edited 03-10-2019 09:16 PM
Hi ALL,
the authentication on a Router 2911 is done via tacacs (ACS 5.1). In the dashboard (or in the reports) of ACS the IP address of the "calling station" (client used for authentication activity) is not reported. If I use RADIUS I could configure the router to send attributes (such as the number 31 = calling-station-id). How can I solve with tacacs protocol instead?
Thanks in advance,
Davide
01-13-2014 04:00 AM
Davide,
Not exactly the same usage, BUT when you're attempting to authenticate to device via tacacs it would send remote address.
What's the use case, if I may know?
M.
01-13-2014 04:54 AM
Hi Marcin and thanks for your answer. The use case is a simple authentication activity. I've made a check and as you correctly show it is possible to retrieve the IP address of the remote client looking at the details of the log entry. It's very good news! However in the main (live) dashboard that information is not shown... Do you know why?
Davide.
01-13-2014 05:15 AM
Davide,
I think it was conscious design choice, the IP address in administration could be misleading. Although I'm not part of business unit so I'm not the best to comment.
If you're looking for a place where it pops up, check accounting logs, you should be able to see the IP address as part of the audit session key.
M.
01-13-2014 05:55 AM
Hi Marcin,
could you provide the detailed path to get the "audit session key" report shown above? Our version is ACS 5.1... maybe is missing?
Thanks,
Davide
01-13-2014 06:05 AM
Davide,
No access to 5.1 I'm afraid, at least to one I can test freely.
AAA Protocol > TACACS+ Accounting is where the session key should be visible.
Verfied for both IOS and ASA exec accounting.
M.
01-13-2014 06:27 AM
I've found this:
Unfortunately it's a bug of this specific version...
Davide
01-13-2014 07:56 AM
Davide,
Good find, this one has not been fixed in any ACS release and is considered an enhancement.
Go figure... :/
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide