
PIX- shell authorization and accounting

g.rodegari
Level 1

Hi,

I've configured my PIX to make a telnet authentication with a TACACS ACS server, now I've configured this to take a per user authorization for the exec commands and it works fine but:

When the ACS goes down nobody can type a command, the PIX says "authorization failed".

Is there a method to specify a local authorization when the ACS is unreachable?

Are there some commands to account for the commands typed by the users?

Thanks VM

Graz.

1 Reply

yusuff
Cisco Employee

There is no fallback, so if TACACS goes down, no LOCAL.

There is no actual command accounting available, but by having syslog activated on the PIX, it will show who did what, as shown in the following example:

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

611103: User logged out: Uname: pixtest

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

502103: User priv level changed: Uname: pixtest From: 1 To: 15

111008: User 'pixtest' executed the 'enable' command.

111007: Begin configuration: 172.18.124.111 reading from terminal

111008: User 'pixtest' executed the 'configure t' command.

111008: User 'pixtest' executed the 'write t' command.

R/Yusuf
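
The syslog messages quoted in the reply above can stand in for command accounting once they are grouped into per-login sessions. The following is an added example, not part of the original reply or any Cisco tooling; the names `audit_trail`, `EVENT` and `PATTERNS`, the session fields, and the rule that a 307002 source address belongs to the next 111006 login are assumptions of this example.

```python
import re
# Constructed input: the message bodies quoted in the reply above, one per line.
SAMPLE = """\
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command.
"""
EVENT = re.compile(r"\b(\d{6}): (.*)")   # also matches when a prefix precedes the ID
PATTERNS = {
    "307002": re.compile(r"Permitted Telnet login session from (?P<src>\S+)"),
    "111006": re.compile(r"Console Login from (?P<user>\S+) at"),
    "611103": re.compile(r"User logged out: Uname: (?P<user>\S+)"),
    "502103": re.compile(r"Uname: (?P<user>\S+) From: (?P<old>\d+) To: (?P<new>\d+)"),
    "111008": re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\."),
}

def audit_trail(lines):
    """Rebuild per-login sessions: source, user, privilege changes, commands."""
    sessions, open_by_user, pending = [], {}, []
    def start(user, src):
        s = open_by_user[user] = {"user": user, "src": src, "priv": [], "commands": [], "closed": False}
        sessions.append(s)
    for line in lines:
        ev = EVENT.search(line)
        msg_id = ev.group(1) if ev else None
        m = PATTERNS[msg_id].search(ev.group(2)) if msg_id in PATTERNS else None
        if not m:
            continue                      # e.g. 111007: not needed for the trail
        if msg_id == "307002":
            pending.append(m["src"])      # assumption: source of the next login
            continue
        user = m["user"]
        if msg_id == "111006" or user not in open_by_user:
            start(user, pending.pop(0) if pending and msg_id == "111006" else None)
        s = open_by_user[user]
        if msg_id == "502103":
            s["priv"].append((int(m["old"]), int(m["new"])))
        elif msg_id == "111008":
            s["commands"].append(m["cmd"])
        elif msg_id == "611103":
            open_by_user.pop(user)["closed"] = True   # logout ends the session
    return sessions
```

Calling `audit_trail(SAMPLE.splitlines())` yields two sessions for `pixtest`; a command seen without a preceding login (a log that starts mid-session) still gets a session, with `src` left as `None`.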
