Steps for configuring RADIUS accounting

Procedure

Configure the switch for accessing a RADIUS server.
You can configure up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. See the documentation for your RADIUS server application for additional information.
- Use the same radius-server host command that you would use to configure RADIUS authentication.
- Provide the following:
  - A RADIUS server IP address.
  - Optional — UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).
  - Optional — if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. Default: null
(Optional) Reconfigure the desired Acct-Session-ID operation.
1. Unique (the default setting): Establishes a different Acct-Session-ID value for each service type, and incrementing of this ID per CLI command for the Command service type.
2. Common: Establishes the same Acct-Session-ID value for all service types, including successive CLI commands in the same management session.
Configure accounting types and the controls for sending reports to the RADIUS server.
1. Accounting types:
  - exec
  - network
  - system
  - commands
2. Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop.
(Optional) Configure session blocking and interim updating options.
1. Updating: Periodically update the accounting data for sessions-in-progress.
2. Suppress accounting: Block the accounting session for any unknown user with no username trying to access to the switch.