RADIUS Authentication and Accounting

Configuring RADIUS Accounting

Note

This section assumes you have already:

 

Configured RADIUS authentication on the switch for one or more

 

access methods

 

Configured one or more RADIUS servers to support the switch

 

If you have not already done so, refer to “General RADIUS Setup Procedure”

 

on page 5-5before continuing here.

 

RADIUS accounting collects data about user activity and system events and

 

 

sends it to a RADIUS server when specified events occur on the switch, such

 

as a logoff or a reboot. The switch supports three types of accounting services:

Network accounting: Provides records containing the information listed below on clients directly connected to the switch and operating under Port-Based Access Control (802.1X):

Acct-Session-Id

Acct-Output-Packets

Service-Type

Acct-Status-Type

Acct-Input-Octets

NAS-IP-Address

Acct-Terminate-Cause

Nas-Port

NAS-Identifier

Acct-Authentic

Acct-Output-Octets

Called-Station-Id

Acct-Delay-Time

Acct-Session-Time

 

 

Acct-Input-Packets

Username

 

 

(For 802.1X information for the switch, refer to “Configuring Port-Based and Client-Based Access Control (802.1X)” on page 8-1.)

Exec accounting: Provides records holding the information listed below about login sessions (console, Telnet, and SSH) on the switch:

Acct-Session-Id

Acct-Delay-Time

NAS-IP-Address

Acct-Status-Type

Acct-Session-Time

NAS-Identifier

Acct-Terminate-Cause

Username

Calling-Station-Id

Acct-Authentic

Service-Type

 

 

System accounting: Provides records containing the information listed below when system events occur on the switch, including system reset, system boot, and enabling or disabling of system accounting.

Acct-Session-Id

Acct-Delay-Time

NAS-Identifier

Acct-Status-Type

Username

Calling-Station-Id

Acct-Terminate-Cause

Service-Type

 

 

Acct-Authentic

NAS-IP-Address

 

 

5-18