• Download PDFs
• Configuring 802.1X RADIUS Accounting (CLI Procedure)  

• Related Topics
• Example: Connecting a RADIUS Server for 802.1X to an EX-series Switch
• Understanding 802.1X and AAA Accounting on EX-series Switches

Configuring 802.1X RADIUS Accounting (CLI Procedure)

RADIUS accounting permits statistical data about users logging onto or off a LAN to be collected and sent to a RADIUS accounting server. The statistical data gathered can be used for general network monitoring, to analyze and track usage patterns, or to bill a user based upon the amount of time or type of services accessed.

To configure basic RADIUS accounting using the CLI:

1. Specify the accounting servers to which the switch will forward accounting statistics:
   [edit access]
user@switch# set profile profile1 radius accounting-server [122.69.1.250 122.69.1.252]
2. Define the RADIUS accounting servers:
   [edit access]
user@switch# set radius-server 122.69.1.250 secret juniper

user@switch# set radius-server 122.69.1.252 secret juniper1
3. Enable accounting for an access profile:
   [edit access]
user@switch# set profile profile1 accounting
4. Configure the RADIUS servers to use while sending accounting messages and updates:
   [edit access]
user@switch# set profile profile1 accounting order radius none
5. Configure the statistics to be collected on the switch and forwarded to the accounting server:
   [edit access]
user@switch# set profile profile1 accounting order stop-on-access-deny
user@switch# set profile profile1 accounting order stop-on-failure
6. Display accounting statistics collected on the switch:
   user@switch> show network-access aaa statistics accounting

   Accounting module statistics
     Requests received: 1
     Accounting Response failures: 0
     Accounting Response Success: 1
     Requests timedout: 0
   

7. Open an accounting log on the RADIUS accounting server using the server's address, and view accounting statistics:
   [root@freeradius]# cd /usr/local/var/log/radius/radacct/122.69.1.250
[root@freeradius 122.69.1.250]# ls

   detail-20071214
   
   

   
   [root@freeradius 122.69.1.250]# vi details-20071214


           User-Name = "000347e1bab9"
           NAS-Port = 67
           Acct-Status-Type = Stop
           Acct-Session-Id = "8O2.1x811912"
           Acct-Input-Octets = 17454
           Acct-Output-Octets = 4245
           Acct-Session-Time = 1221041249
           Acct-Input-Packets = 72
           Acct-Output-Packets = 53
           Acct-Terminate-Cause = Lost-Carrier
           Acct-Input-Gigawords = 0
           Acct-Output-Gigawords = 0
           Called-Station-Id = "00-19-e2-50-52-60"
           Calling-Station-Id = "00-03-47-e1-ba-b9"
           Event-Timestamp = "Sep 10 2008 16:52:39 PDT"
           NAS-Identifier = "esp48t-1b-01"
           NAS-Port-Type = Virtual
   
           User-Name = "000347e1bab9"
           NAS-Port = 67
           Acct-Status-Type = Start
           Acct-Session-Id = "8O2.1x811219"
           Called-Station-Id = "00-19-e2-50-52-60"
           Calling-Station-Id = "00-03-47-e1-ba-b9"
           Event-Timestamp = "Sep 10 2008 18:58:52 PDT"
           NAS-Identifier = "esp48t-1b-01"
           NAS-Port-Type = Virtual