RADIUS Authentication, Authorization, and Accounting

Configuring RADIUS Accounting

For example, suppose you want to the switch to use the RADIUS server described below for both authentication and accounting purposes.

IP address: 10.33.18.151

A non-default UDP port number of 1750 for accounting.

For this example, assume that all other RADIUS authentication parameters for accessing this server are acceptable at their default settings, and that RADIUS is already configured as an authentication method for one or more types of access to the switch (Telnet, Console, etc.).

Because the radius-server command includes an acct-portelement with a non- default 1750, the switch assigns this value to the accounting port UDP port numbers. Because auth-port was not included in the command, the authentication UDP port is set to the default 1812.

Figure 5-11. Example of Configuring for a RADIUS Server with a Non-Default Accounting UDP Port Number

The radius-server command as shown in figure 5-11, above, configures the switch to use a RADIUS server at IP address 10.33.18.151, with a (non-default) UDP accounting port of 1750, and a server-specific key of “source0151”.

2.Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server

Select the Accounting Type(s):

Exec: Use exec if you want to collect accounting information on login sessions on the switch via the console, Telnet, or SSH. (See also “Accounting Services” on page 5-4.)

System: Use system if you want to collect accounting data when:

A system boot or reload occurs

System accounting is turned on or off

5-42