Configuring RADIUS accounting

This procedure assumes:

  • RADIUS authentication is configured on the switch for one or more access methods.

  • One or more RADIUS servers is configured to support the switch.

If you have not already done so, see RADIUS Authentication, Authorization, and Accounting.

Procedure
  1. Configure the switch for accessing a RADIUS server.
  2. You can configure up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. See the documentation for your RADIUS server application for additional information.

    • Use the same RADIUS-server host command that you would use to configure RADIUS authentication. See Configuring a switch to access a RADIUS server.

    • Provide the following:

      • A RADIUS server IP address.

      • Optional UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).

      • Optional if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. For more information, see the key <key-string> parameter in Configuring a switch to access a RADIUS server. Default: null

  3. (Optional) Reconfigure the desired Acct-Session-ID operation.
    1. Unique (the default setting):

      Establishes a different Acct-Session-ID value for each service type, and incrementing of this ID per CLI command for the Command service type. See Unique Acct-Session-ID operation.

    2. Common:

      Establishes the same Acct-Session-ID value for all service types, including successive CLI commands in the same management session.

  4. Configure accounting types and the controls for sending reports to the RADIUS server.
    1. Accounting types:

      • exec

      • network

      • system

      • commands

    2. Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop.
  5. (Optional) Configure session blocking and interim updating options
    1. Updating:

      Periodically update the accounting data for sessions-in-progress.

    2. Suppress accounting:

      Block the accounting session for any unknown user with no user name trying to access to the switch.