Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

RADIUS Accounting Commands

[no] aaa accounting update

page 121

periodic < 1 .. 525600 > (in minutes)

 

[no] aaa accounting suppress null-username

page 121

show accounting

page 125

show accounting sessions

page 125

show radius accounting

page 125

 

 

Note

This section assumes you have already:Configured RADIUS authentication on the switch for one or more access methodsConfigured one or more RADIUS servers to support the switch

If you have not already done so, refer to “General RADIUS Setup Procedure” on page 104 before continuing here.

RADIUS accounting collects data about user activity and system events and sends it to a RADIUS server when specified events occur on the switch, such as a logoff or a reboot. The Series 2500 switches support three types of accounting services:

Network accounting: Provides records containing the information listed below on clients directly connected to the switch and operating under Port-Based Access Control (802.1X):

Acct-Session-Id

Acct-Delay-Time

Nas-Port

Service-Type

Acct-Status-Type

Acct-Input-Packets

Acct-Output-Octets

NAS-IP-Address

Acct-Terminate-Cause

Acct-Output-Packets

Acct-Session-Time

NAS-Identifier

Acct-Authentic

Acct-Input-Octets

User-Name

Called-Station-Id

(For 802.1X information on the Series 2500 switches, refer to “Configuring Port-Based Access Control (802.1X)” on page 29.)

Exec accounting: Provides records containing the information listed below about login sessions (console, Telnet, and SSH) on the switch:

Acct-Session-Id

Acct-Delay-Time

NAS-IP-Address

Acct-Status-Type

Acct-Session-Time

NAS-Identifier

Acct-Terminate-Cause

User-Name

Calling-Station-Id

Acct-Authentic

Service-Type

 

 

115