Filter
Top Products
185 | AuthenticationServers DellPowerConnectW-SeriesArubaOS6.2 | User Guide
server-group <group>
Accounting
You can configure accounting for RADIUS and TACACS+ server groups.
NOTE: RADIUS or TACACS+ accounting is only supported when RADIUS or TACACS+ is used for authentication.
RADIUS Accounting
RADIUS accounting allows user activity and statistics to be reported from the controller to RADIUS servers.
RADIUS accounting works as follows:
1. The controller generates an Accounting Start packet when a user logs in. The code field of transmitted RADIUS
packet is set to 4 (Accounting-Request). Note that sensitive information, such user passwords, are not sent to
the accounting server. The RADIUS server sends an acknowledgement of the packet.
2. The controller sends an Accounting Stop packet when a user logs off; the packet information includes various
statistics such as elapsed time, input and output bytes and packets. The RADIUS server sends an
acknowledgement of the packet.
The following is the list of attributes that the controller can send to a RADIUS accounting server:
l Acct-Status-Type: This attribute marks the beginning or end of accounting record for a user. Currently, possible
values include Start and Stop.
l User-Name: Name of user.
l Acct-Session-Id: A unique identifier to facilitate matching of accounting records for a user. It is derived from the
user name, IP address and MAC address. This is set in all accounting packets.
l Acct-Authentic: This indicates how the user was authenticated. Current values are 1 (RADIUS), 2 (Local) and 3
(LDAP).
l Acct-Session-Time: The elapsed time, in seconds, that the client was logged in to the controller. This is only sent
in Accounting-Request records where the Acct-Status-Type is Stop.
l Acct-Terminate-Cause: Indicates how the session was terminated and is sent in Accounting-Request records
where the Acct-Status-Type is Stop. Possible values are:
1: User logged off
4: Idle Timeout
5: Session Timeout. Maximum session length timer expired.
7: Admin Reboot: Administrator is ending service, for example prior to rebooting the controller.
l NAS-Identifier: This is set in the RADIUS server configuration.
l NAS-IP-Address: IP address of the master controller. You can configure a “global” NAS IP address: in the WebUI,
navigate to the Configuration > Security > Authentication > Advanced page; in the CLI, use theip radius
nas-ip command.
l NAS-Port: Physical or virtual port (tunnel) number through which the user traffic is entering the controller.
l NAS-Port-Type: Type of port used in the connection. This is set to one of the following:
n 5: admin login
n 15: wired user type
n 19: wireless user
l Framed-IP-Address: IP address of the user.
l Calling-Station-ID: MAC address of the user.
l Called-station-ID: MAC address of the controller.