Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Configuring 802.1X RADIUS Accounting (CLI Procedure)

RADIUS accounting permits statistical data about users logging onto or off a LAN to be collected and sent to a RADIUS accounting server. The statistical data gathered can be used for general network monitoring, to analyze and track usage patterns, or to bill a user based upon the amount of time or type of services accessed.

To configure basic RADIUS accounting using the CLI:

  1. Specify the accounting servers to which the switch will forward accounting statistics:
    [edit access]
    user@switch# set profile profile1 radius accounting-server [122.69.1.250 122.69.1.252]
  2. Define the RADIUS accounting servers:
    [edit access]
    user@switch# set radius-server 122.69.1.250 secret juniper

    user@switch# set radius-server 122.69.1.252 secret juniper1
  3. Enable accounting for an access profile:
    [edit access]
    user@switch# set profile profile1 accounting
  4. Configure the RADIUS servers to use while sending accounting messages and updates:
    [edit access]
    user@switch# set profile profile1 accounting order radius
  5. Configure the statistics to be collected on the switch and forwarded to the accounting server:
    [edit access]
    user@switch# set profile profile1 accounting accounting-stop-on-access-deny
    user@switch# set profile profile1 accounting accounting-stop-on-failure
  6. Display accounting statistics collected on the switch:
    user@switch> show network-access aaa statistics accounting 
    Accounting module statistics
  Requests received: 1
  Accounting Response failures: 0
  Accounting Response Success: 1
  Requests timedout: 0
  7. Open an accounting log on the RADIUS accounting server using the server's address, and view accounting statistics:
    [root@freeradius]# cd /usr/local/var/log/radius/radacct/122.69.1.250
    [root@freeradius 122.69.1.250]# ls 
    detail-20071214
    [root@freeradius 122.69.1.250]# vi details-20071214
            User-Name = "000347e1bab9"
        NAS-Port = 67
        Acct-Status-Type = Stop
        Acct-Session-Id = "8O2.1x811912"
        Acct-Input-Octets = 17454
        Acct-Output-Octets = 4245
        Acct-Session-Time = 1221041249
        Acct-Input-Packets = 72
        Acct-Output-Packets = 53
        Acct-Terminate-Cause = Lost-Carrier
        Acct-Input-Gigawords = 0
        Acct-Output-Gigawords = 0
        Called-Station-Id = "00-19-e2-50-52-60"
        Calling-Station-Id = "00-03-47-e1-ba-b9"
        Event-Timestamp = "Sep 10 2008 16:52:39 PDT"
        NAS-Identifier = "esp48t-1b-01"
        NAS-Port-Type = Virtual

        User-Name = "000347e1bab9"
        NAS-Port = 67
        Acct-Status-Type = Start
        Acct-Session-Id = "8O2.1x811219"
        Called-Station-Id = "00-19-e2-50-52-60"
        Calling-Station-Id = "00-03-47-e1-ba-b9"
        Event-Timestamp = "Sep 10 2008 18:58:52 PDT"
        NAS-Identifier = "esp48t-1b-01"
        NAS-Port-Type = Virtual
 

Related Documentation

 

Published: 2012-12-06

Previous Page Next Page