RADIUS Authentication, Authorization, and Accounting
Accounting Services
■ Commands accounting: Provides records containing information
on CLI command execution during user sessions.
■ RADIUS accounting with IP attribute: The RADIUS Attribute 8
(Framed-IP-Address) feature provides the RADIUS server with
information about the client’s IP address after the client is authenticated.
DHCP snooping is queried for the IP address of the client, so DHCP
snooping must be enabled for the VLAN of which the client is a
member.
When the switch begins communications with the RADIUS server, it sends
the IP address of the client requesting access to the RADIUS server as
RADIUS Attribute 8 (Framed-IP-Address) in the RADIUS accounting
request. The RADIUS server can use this information to build a map of
usernames and addresses.
It may take a minute or longer for the switch to learn the IP address and
then send the accounting packet with the Framed-IP-Address attribute to
the RADIUS server. If the switch does not learn the IP address after a
minute, it sends the accounting request packet to the RADIUS server
without the Framed-IP-Address attribute. If the IP address is learned at a
later time, it will be included in the next accounting request packet sent.
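The following added example (not part of the original manual or the switch software) shows how a collector on the RADIUS server side could build the username-to-address map from accounting requests, including the case where the first request arrives without Framed-IP-Address and a later one supplies it. The function names, the user "alice", the session ID and the address 10.0.20.15 are constructed for illustration, and the example assumes the RADIUS server has already validated the request authenticator.

```python
import ipaddress
import struct

ACCOUNTING_REQUEST = 4                      # RADIUS packet code (RFC 2866)
USER_NAME, FRAMED_IP, STATUS_TYPE, SESSION_ID = 1, 8, 40, 44
START, STOP, INTERIM = 1, 2, 3              # Acct-Status-Type values

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: raw value} from one Accounting-Request."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs, pos = {}, 20                     # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def update_sessions(sessions: dict, packet: bytes) -> None:
    """Merge one accounting record into the session-id -> user/IP map."""
    attrs = parse_attributes(packet)
    sid = attrs[SESSION_ID].decode()
    entry = sessions.setdefault(sid, {"user": None, "ip": None, "active": True})
    entry["active"] = struct.unpack("!I", attrs[STATUS_TYPE])[0] != STOP
    if USER_NAME in attrs:
        entry["user"] = attrs[USER_NAME].decode()
    # Attribute 8 may be absent from the first record; keep any earlier value.
    if len(attrs.get(FRAMED_IP, b"")) == 4:
        entry["ip"] = str(ipaddress.IPv4Address(attrs[FRAMED_IP]))

def build_request(status: int, sid: str, user: str, ip: str = None) -> bytes:
    """Constructed sample packet; the authenticator is zeroed, not computed."""
    attrs = [(USER_NAME, user.encode()), (STATUS_TYPE, struct.pack("!I", status)),
             (SESSION_ID, sid.encode())]
    if ip:
        attrs.append((FRAMED_IP, ipaddress.IPv4Address(ip).packed))
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    sessions = {}
    update_sessions(sessions, build_request(START, "0001", "alice"))  # IP not yet learned
    update_sessions(sessions, build_request(INTERIM, "0001", "alice", "10.0.20.15"))
    print(sessions)
```

A session whose entry still has no address well after its Start record is a cue to check that DHCP snooping is enabled on the client's VLAN.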
The switch forwards the accounting information it collects to the designated
RADIUS server, where the information is formatted, stored, and managed by
the server. For more information on this aspect of RADIUS accounting, refer
to the documentation provided with your RADIUS server.
Operating Rules for RADIUS Accounting
■ You can configure up to four types of accounting to run
simultaneously: exec, system, network, and command.
■ RADIUS servers used for accounting are also used for authentication.
■ The switch must be configured to access at least one RADIUS server.
■ RADIUS servers are accessed in the order in which their IP addresses
were configured in the switch. Use show radius to view the order. As
long as the first server is accessible and responding to authentication
• Acct-Session-Id
• Acct-Status-Type
• Service-Type
• Acct-Authentic
• User-Name
• NAS-IP-Address
• NAS-Identifier
• NAS-Port-Type
• Calling-Station-Id
• HP-Command-String
• Acct-Delay-Time