Supported Platforms
Retaining Authentication and Accounting Information During Session Startup
At subscriber session startup, the Junos OS authd process sends an Acct-On message to the RADIUS server and the new session starts authentication and accounting operations. However, in some service provider environments, upon receipt of the Acct-On message, the RADIUS server cleans up the previous session state and removes accounting statistics. In this scenario, the RADIUS server’s cleanup operation can inadvertently delete the new session’s authentication and accounting information, which might include customer billing information.
To ensure that the new session’s authentication and accounting information is not deleted, you can optionally use the wait-for-acct-on-ack statement to configure the authd process to wait for an Acct-On-Ack response message from the RADIUS accounting server, so the RADIUS cleanup can finish before authd sends any new authentication and accounting updates.
You configure this feature for an access profile for a logical system and routing instance context. All authentication requests fail until the router receives an Acct-On-Ack response from a RADIUS accounting server that is configured in the access profile. If multiple RADIUS accounting servers are configured for the access profile, authd waits until the first response is received.
You can also configure the authd process to send accounting messages when the RADIUS server status changes for an access profile. This configuration enables you to monitor whether the access profile has an active RADIUS server. You use the send-acct-status-on-config-change statement to specify that authd send an Acct-On message when the first RADIUS server is added to an access profile, and to send an Acct-Off message when the last RADIUS server is deleted from the access profile.
