RADIUS Authentication, Authorization, and Accounting

Configuring RADIUS Accounting

must match the encryption key used on the specified RADIUS server. For more information, refer to the “[key < key-string >]” parameter on page 5-14.(Default: null)

2.Configure accounting types and the controls for sending reports to the RADIUS server.

Accounting types: exec (page 5-38), network (page 5-37), com- mands (page 5-38), or system (page 5-38)

Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop

3.(Optional) Configure session blocking and interim updating options

Updating: Periodically update the accounting data for sessions-in- progress

Suppress accounting: Block the accounting session for any unknown user with no username access to the switch

1. Configure the Switch To Access a RADIUS Server

Before you configure the actual accounting parameters, you should first configure the switch to use a RADIUS server. This is the same as the process described on page 5-14.You need to repeat this step here only if you have not yet configured the switch to use a RADIUS server, your server data has changed, or you need to specify a non-default UDP destination port for accounting requests. Note that switch operation expects a RADIUS server to accommodate both authentication and accounting.

Syntax: [no] radius-server host < ip-address> [oobm]

Adds a server to the RADIUS configuration or (with no) deletes a server from the configuration.

For switches that have a separate out-of-band management port, the oobm parameter specifies that the RADIUS traffic will go through the out-of-band management (OOBM) port.

[acct-port < port-number>]

Optional. Changes the UDP destination port for accounting requests to the specified RADIUS server. If you do not use this option, the switch automatically assigns the default accounting port number. (Default: 1813)

5-40