Steps for configuring RADIUS accounting
-
Configure the switch for accessing a RADIUS server.
You can configure up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. See the documentation for your RADIUS server application for additional information.
-
Use the same
radius-server host
command that you would use to configure RADIUS authentication. -
Provide the following:
-
A RADIUS server IP address.
-
Optional — UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).
-
Optional — if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. Default: null
-
-
-
(Optional) Reconfigure the desired Acct-Session-ID operation.
- Unique (the default setting): Establishes a different Acct-Session-ID value for each service type, and incrementing of this ID per CLI command for the Command service type.
-
Common:
Establishes the same Acct-Session-ID value for all service types, including successive CLI commands in the same management session.
-
Configure accounting types and the controls for sending reports to the RADIUS server.
-
Accounting types:
-
exec
-
network
-
system
-
commands
-
-
Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop.
-
Accounting types:
-
(Optional) Configure session blocking and interim updating options.
- Updating: Periodically update the accounting data for sessions-in-progress.
- Suppress accounting: Block the accounting session for any unknown user with no username trying to access to the switch.