Supported Platforms
Understanding RADIUS Accounting Duplicate Reporting
When you configure RADIUS accounting, by default the router sends the accounting reports to the accounting servers in the context in which the subscriber was last authenticated. You can configure RADIUS accounting to send duplicate accounting reports to other servers in the same context or in other contexts.
Layer 3 Wholesale Scenarios
In a Layer 3 wholesale network environment, the wholesaler and retailer might use different RADIUS accounting servers, and both might want to receive accounting reports. In this situation, you can configure RADIUS accounting duplicate reporting, which sends reports to both the wholesaler and the retailer accounting servers. The target to which the duplicate accounting records are sent must be in the default:default logical system:routing instance combination (LS:RI) , also called the default VRF.
Table 1 shows where subscriber management sends the accounting reports when you enable duplicate reporting. Subscriber management sends duplicate reports based on the access profile in which you configure the duplication statement at the [edit access profile profile-name accounting] hierarchy level, where the subscriber resides, and how the subscriber is authenticated.
 | Note: You can also enable accounting duplicate reporting based on the domain map configuration—you configure subscribers to authenticate with a nondefault routing instance and a target logical system:routing instance of default:default. The accounting reports are then sent to both the authentication context and the default:default context. |
Table 1: Duplicate RADIUS Accounting Reporting
Access Profile in Which Duplication Is Configured | Where Subscriber Is Authenticated | Subscriber’s Target Logical System/Routing Instance | Accounting Servers Where Accounting Reports Are Sent |
|---|---|---|---|
retailer A | wholesaler | retailer A | wholesaler and retailer A |
retailer A | retailer A | retailer A | wholesaler (default/default context) Note: This is the domain map configuration described in the Note preceding this table. |
wholesaler | wholesaler and retailer A | retailer A | wholesaler and retailer A |
wholesaler and retailer B | wholesaler and retailer A | retailer B | wholesaler, retailer A, and retailer B |
not configured (default) | any | any | single report sent to accounting servers in the context in which subscriber was last authenticated |
Other Scenarios
For scenarios that are not in a Layer 3 wholesale network environment, you might want to send duplicate accounting records to a different set of RADIUS servers that reside in either the same or a different routing context. Unlike the Layer 3 wholesale scenario, the target for the duplicate RADIUS accounting records does not have to be the default VRF. You can specify a single nondefault VRF—that is, other than the default:default LS:RI combination—as the target. Additionally, you can specify up to five access profiles in the target VRF that list the RADIUS accounting servers that receive the duplicate reports.
For example, you might have a lawful intercept scenario where the subscriber is authenticated in the default domain. An authorized law enforcement organization needs duplicate accounting records for the subscriber to be sent to a mediation device that resides in the organization’s networking domain, which lies in a nondefault VRF.
Subscriber management sends duplicate reports to the VRF that you specify with the vrf-name statement at the [edit access profile profile-name accounting duplication-vrf] hierarchy level. Include the access-profile-name statement at the same level to designate the access profiles that in turn specify the RADIUS servers that receive the duplicate reports.
