Steps for configuring RADIUS accounting

Procedure
  1. Configure the switch for accessing a RADIUS server.

    You can configure up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. See the documentation for your RADIUS server application for additional information.

    • Use the same radius-server host command that you would use to configure RADIUS authentication.

    • Provide the following:
      • A RADIUS server IP address.

      • Optional — UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).

      • Optional — if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. Default: null

  2. (Optional) Reconfigure the desired Acct-Session-ID operation.
    1. Unique (the default setting): Establishes a different Acct-Session-ID value for each service type, and incrementing of this ID per CLI command for the Command service type.
    2. Common: Establishes the same Acct-Session-ID value for all service types, including successive CLI commands in the same management session.

  3. Configure accounting types and the controls for sending reports to the RADIUS server.
    1. Accounting types:
      • exec

      • network

      • system

      • commands

    2. Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop.
  4. (Optional) Configure session blocking and interim updating options.
    1. Updating: Periodically update the accounting data for sessions-in-progress.
    2. Suppress accounting: Block the accounting session for any unknown user with no username trying to access to the switch.