RADIUS Authentication, Authorization, and Accounting

Configuring RADIUS Accounting

Exec accounting: Provides records holding the information listed below about login sessions (console, Telnet, and SSH) on the switch:

Acct-Authentic

Acct-Status-Type

NAS-Identifier

Acct-Delay-Time

Acct-Terminate-Cause

NAS-IP-Address

Acct-Session-Id

Calling-Station-Id

Service-Type

Acct-Session-Time

MS-RAS-Vendor

Username

System accounting: Provides records containing the information listed below when system events occur on the switch, including system reset, system boot, and enabling or disabling of system accounting.

Acct-Authentic

Acct-Terminate-Cause

NAS-IP-Address

Acct-Delay-Time

Calling-Station-Id

Service-Type

Acct-Session-Id

MS-RAS-Vendor

Username

Acct-Session-Time

NAS-Identifier

 

 

Commands accounting: Provides records containing information after the execution of a command.

RADIUS accounting with IP attribute: The RADIUS Attribute 8 (Framed-IP-Address) feature provides the RADIUS server with infor- mation about the client’s IP address after the client is authenticated. DHCP snooping is queried for the IP address of the client, so DHCP snooping must be enabled for the VLAN of which the client is a member.

When the switch begins communications with the RADIUS server it sends the IP address of the client requesting access to the RADIUS server as RADIUS Attribute 8 (Framed-IP-Address) in the RADIUS accounting request. The RADIUS server can use this information to build a map of usernames and addresses.

It may take a minute or longer for the switch to learn the IP address and then send the accounting packet with the Framed-IP-Address attribute to the RADIUS server. If the switch does not learn the IP address after a minute, it sends the accounting request packet to the RADIUS server without the Framed-IP-Address attribute. If the IP address is learned at a later time, it will be included in the next accounting request packet sent.

The switch forwards the accounting information it collects to the designated RADIUS server, where the information is formatted, stored, and managed by the server. For more information on this aspect of RADIUS accounting, refer to the documentation provided with your RADIUS server.

5-38