beautypg.com

Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual

Page 49

background image

AAA Commands

Page 48

Parameters

radius — Accounting is performed by a RADIUS server.

Default Configuration

Disabled.

Command Mode

Global Configuration.

User Guidelines

This command enables the recording of 802.1x sessions.

If accounting is activated, the device sends a Start/Stop message to a RADIUS server when a user

logs in/logs out to the network, respectively. The software sends Start/Stop messages for each authenticated
supplicant.

The device uses the configured priorities of the available RADIUS servers to select the RADIUS server to

use.

If a new supplicant replaces an old supplicant (even if the port state remains authorized), the software sends

a Stop message for the old supplicant and a Start message for the new supplicant.

The software does not send Start/Stop messages if the port is force-authorized.

The software does not send Start/Stop messages for hosts that are sending traffic on the guest VLAN or on

the unauthenticated VLANs.

The following table describes the supported RADIUS accounting Attribute Values when they are sent by the

switch:

Example

The following example defines the accounting of 802.1x sessions sessions to a RADIUS server.

N a m e

Sta r t

St o p

D e s c r i p t i o n

User-Name (1)

Yes

Yes

The user identity.

NAS-IP-Address (4)

Yes

Yes

The switch IP address that is used for the session
with the RADIUS server.

NAS-Port (5)

Yes

Yes

The switch port from where the supplicant logged in.

Class (25)

Yes

Yes

An arbitrary value is included in all accounting
packets for a specific session.

Called-Station-ID (30)

Yes

Yes

The switch MAC address.

Calling-Station-ID (31)

Yes

Yes

The supplicant MAC address.

Acct-Session-ID (44)

Yes

Yes

A unique accounting identifier.

Acct-Authentic (45)

Yes

Yes

Indicates how the supplicant was authenticated.

Acct-Session-Time (46)

No

Yes

Indicates how long the user was logged in.

Acct-Terminate-Cause (49)

No

Yes

Reports why the session was terminated.

Nas-Port-Type (61)

Yes

Yes

Indicates the supplicant physical port type.

Console(config)# aaa accounting dot1x radius

See also other documents in the category Allied Telesis Computer hardware: