|
Command or Action |
Purpose |
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode. |
|
aaa intercept
Example:
Router(config)# aaa intercept
|
Enables lawful intercept on the router.
- Associate this command with a high administrative security to ensure that unauthorized users cannot stop intercepts if this command is removed.
|
|
aaa authentication ppp default group radius
Example:
Router(config)# aaa authentication ppp default group radius
|
Specifies the authentication method to use on the serial interfaces that are running Point-to-Point protocol (PPP).
Note |
This command is required because tap information resides only on the RADIUS server. You can authenticate with locally configured information, but you cannot specify a tap with locally configured information. |
|
|
aaa accounting delay-start all
Example:
Router(config)# aaa accounting delay-start all
|
Delays the generation of accounting start records until the user IP address is established. Specifying the all keyword ensures that the delay applies to all VRF and non-VRF users.
Note |
This command is required so that the mediation device can see the IP address assigned to the target. |
|
|
aaa accounting send stop-record authentication failure
Example:
Router(config)# aaa accounting send stop-record authentication failure
|
(Optional) Generates accounting stop records for users who fail to authenticate while logging into or during session negotiation.
Note |
If a lawful intercept action of 1 does not start the tap, the stop record contains Acct-Termination-Cause, attribute 49, set to 15 (Service Unavailable). |
|
|
aaa accounting network default start-stop group radius
Example:
Router(config)# aaa accounting network default start-stop group radius
|
(Optional) Enables accounting for all network-related service requests.
Note |
This command is required only to determine the reason why a tap did not start. |
|
|
radius-server attribute 44 include-in-access-req
Example:
Router(config)# radius-server attribute 44 include-in-access-req
|
(Optional) Sends RADIUS attribute 44 (Accounting Session ID) in access request packets before user authentication (including requests for preauthentication).
Note |
Enter this command to obtain attribute 44 from the Access-Request packet. Otherwise you will have to wait for the accounting packets to be received before you can determine the value of attribute 44. |
|
|
radius-server host host-name
Example:
Router(config)# radius-server host host1
|
(Optional) Specifies the RADIUS server host. |
|
aaa server radius dynamic-author
Example:
Router(config)# aaa server radius dynamic-author
|
Configures a device as an Authentication, Authorization, and Accounting (AAA) server to facilitate interaction with an external policy server and enters dynamic authorization local server configuration mode.
Note |
This is an optional command if taps are always started with a session starts. The command is required if CoA-Requests are used to start and stop taps in existing sessions. |
|
|
client ip-address
Example:
Router(config-locsvr-da-radius)# client 10.0.0.2
|
(Optional) Specifies a RADIUS client from which the device will accept CoA-Request packets. |
|
domain {delimiter character| stripping [right-to-left]}
Example:
Router(config-locsvr-da-radius)# domain stripping right-to-left
Example:
Router(config-locsvr-da-radius)# domain delimiter @
|
(Optional) Configures username domain options for the RADIUS application.
- The delimiter keyword specifies the domain delimiter. One of the following options can be specified for the character argument: @, /, $, %, \, # or -
- The stripping keyword compares the incoming username with the names oriented to the left of the @ domain delimiter.
- The right-to-left keyword terminates the string at the first delimiter going from right to left.
|
|
server-key word
Example:
Router(config-locsvr-da-radius)# server-key samplekey
|
(Optional) Configures the RADIUS key to be shared between a device and RADIUS clients. |
|
port port-number
Example:
Router(config-locsvr-da-radius)# port 1600
|
(Optional) Specifies a RADIUS client from which the device will accept CoA-Request packets. |
|
exit
Example:
Router(config-locsvr-da-radius)# exit
|
Exits dynamic authorization local server configuration mode and returns to global configuration mode. |
|
end
Example:
Router(config)# end
|
Exits the current configuration mode and returns to privileged EXEC mode. |