Subject: RARE user and assistance email list
List archive
- From: Frédéric LOUI <>
- Subject: Re: [RARE-users] freeRtr AV pairs documentation
- Date: Mon, 7 Aug 2023 10:00:18 +0200
Hi Piotr,
There is a dedicated mailing list for freeRtr control plane questions.
Please refer to <> only.
I’ve never used external "aaa authorization" personally.
If this is something important to you, you can ask for a feature request;
the freeRtr lead maintainer might add it to the to-do list.
All the best,
Frederic
> On 2 Aug 2023, at 00:03, Piotr Boguszewski <> wrote:
>
> Hi,
>
> I have been trying to configure AAA authorization using freeRtr.
> The example shown works for command authorization configured locally; the
> authentication works using the external AAA appliance TACACS+NG.
>
> -------------------------------------------
>
> R104#show running-config aaa
> aaa tacacs AAA-1
> secret $v10$MTIzLW15X3RhY2Fjc19rZXk=
> server 192.0.2.1
> exit
> aaa userlist AAA-command
> allowed show .*
> allowed exit
> allowed logout
> allowed differs .*
> allowed view .*
> allowed display .*
> allowed watch .*
> allowed terminal .*
> allowed game .*
> exit
>
> R104#show running-config server telnet R104-T
> server telnet R104-T
> security protocol telnet
> exec authorization AAA-command
> login authentication AAA-1
> vrf v1
> exit
> !
>
> R104#show aaa ?
> <name> - aaa list
> AAA-1 - aaa list
> AAA-command - aaa list
>
> R104#show aaa AAA-1
> reply times ago last
> ok 9 00:01:11 2023-08-01 21:56:51
> fail 2 00:27:13 2023-08-01 21:30:49
> error 0 never 1970-01-01 00:00:00
>
>
> R104#show aaa AAA-command
> reply times ago last
> ok 6 00:00:00 2023-08-01 21:58:06
> fail 1 00:00:52 2023-08-01 21:57:14
> error 0 never 1970-01-01 00:00:00
>
> user times ago last
>
> R104#show users
> user from since
> cisco telnet ethernet1 23 -> 10.100.100.10 47464 00:01:48
> <nobody> tty1 00:02:17
>
> -------------------------------------------
>
> I would like to move the command authorization to a TACACS+ daemon.
> I did not find documentation about this topic, nothing of use.
> Also I do not know if command authorization would be working with
> freeRtr.
>
> Is there something similar for documentation like this for freeRtr,
> regarding AV pairs and TACACS+ or RADIUS like this document here:
> https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html
>
> Thanks.
>
> Piotr B.
>
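Added example, not part of the original messages and not freeRtr code: how a per-command authorization request carries a CLI line as TACACS+ AV pairs (`service`, `cmd`, `cmd-arg`) in the RFC 8907 authorization REQUEST body, which is what a daemon-side command policy matches against. The port and address values are constructed samples, the function names are hypothetical, and whether freeRtr sends such requests is not established in this thread.

```python
import struct

# Field values defined by RFC 8907 (TACACS+).
AUTHEN_METH_TACACSPLUS = 0x06  # user was authenticated via TACACS+
PRIV_LVL_USER = 0x01
AUTHEN_TYPE_ASCII = 0x01
AUTHEN_SVC_LOGIN = 0x01


def command_to_args(command):
    """Split a CLI line into shell-authorization AV pairs ('=' marks a mandatory pair)."""
    words = command.split()
    if not words:
        raise ValueError("empty command")
    return ["service=shell", "cmd=" + words[0]] + ["cmd-arg=" + w for w in words[1:]]


def build_author_request(user, port, rem_addr, command):
    """Build the cleartext body of an authorization REQUEST (header and obfuscation omitted)."""
    fields = [s.encode() for s in (user, port, rem_addr)]
    args = [a.encode() for a in command_to_args(command)]
    if len(args) > 255 or any(len(x) > 255 for x in fields + args):
        raise ValueError("field or argument exceeds the one-byte length limit")
    head = struct.pack("!8B", AUTHEN_METH_TACACSPLUS, PRIV_LVL_USER,
                       AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN,
                       len(fields[0]), len(fields[1]), len(fields[2]), len(args))
    # Layout: fixed head, one length byte per argument, then user, port, rem_addr, args.
    return head + bytes(len(a) for a in args) + b"".join(fields) + b"".join(args)


def parse_author_request(body):
    """Read the body back the way a daemon would; returns (user, [av_pairs])."""
    if len(body) < 8:
        raise ValueError("truncated body")
    user_len, port_len, rem_len, arg_cnt = body[4:8]
    arg_lens = body[8:8 + arg_cnt]
    pos = 8 + arg_cnt
    if len(body) != pos + user_len + port_len + rem_len + sum(arg_lens):
        raise ValueError("length fields do not match body size")
    user = body[pos:pos + user_len].decode()
    pos += user_len + port_len + rem_len
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode())
        pos += n
    return user, args


if __name__ == "__main__":
    # Constructed sample: user name from the session above, port and address assumed.
    body = build_author_request("cisco", "tty1", "10.100.100.10", "show running-config aaa")
    print(parse_author_request(body))
```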
- [RARE-users] freeRtr AV pairs documentation, Piotr Boguszewski, 08/01/2023
- Re: [RARE-users] freeRtr AV pairs documentation, Frédéric LOUI, 08/07/2023