accounting-stop-on-failure
Syntax
accounting-stop-on-failure;
Hierarchy Level
[edit access profile profile-name accounting]
Description
Configure RADIUS accounting to send an Acct-Stop message when a subscriber session has been successfully authenticated and authorized, but then fails before an Acct-Start message is sent. By default, an Acct-Stop message is sent only if an Acct-Start message has been exchanged with the accounting server.
Consider a situation where RADIUS address pools are used to
assign IP/IPv6 addresses. After a subscriber session is successfully
authenticated, the RADIUS server authorizes the session by assigning
an IP address from the RADIUS address pool and conveying that address
in the Framed-IP-Address attribute. If a negotiation failure occurs
at this point, the session is terminated before activating. The Acct-Start
message is never sent because it is initiated by session activation.
By default, an Acct-Stop message cannot be sent because the Acct-Start
is never sent. However, if the acct-stop-on-failure statement
is configured, the negotiation failure causes the Acct-Stop message
to be sent, which explicitly notifies the RADIUS server that the session
is disconnected and that it can free the allocated IP address back
to the pool.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.1.