Authentication, Authorization and Accounting (AAA) Commands
OL-32830-01 Command Line Interface Reference Guide 104
3
User Guidelines
This command enables the recording of 802.1x sessions.
If accounting is activated, the device sends start/stop messages to a RADIUS
server when a user logs in / logs out to the network, respectively.
The device uses the configured priorities of the available RADIUS servers in order
to select the RADIUS server.
If a new supplicant replaces an old supplicant (even if the port state remains
authorized), the software sends a stop message for the old supplicant and a start
message for the new supplicant.
In multiple sessions mode (dot1x multiple-hosts authentication), the software
sends start/stop messages for each authenticated supplicant.
In multiple hosts mode (dot1x multiple-hosts), the software sends start/stop
messages only for the supplicant that has been authenticated.
The software does not send start/stop messages if the port is force-authorized.
The software does not send start/stop messages for hosts that are sending traffic
on the guest VLAN or on the unauthenticated VLANs.
The following table describes the supported Radius accounting Attributes Values
and when they are sent by the switch.
Name Start Stop Description
User-Name (1) Yes Yes Supplicant’s identity.
NAS-IP-Address (4) Yes Yes The switch IP address
that is used for the
session with the
RADIUS server.
NAS-Port (5) Yes Yes The switch port from
where the supplicant
has logged in.
Class (25) Yes Yes The arbitrary value that
is included in all
accounting packets for
a specific session.
Called-Station-ID (30) Yes Yes The switch MAC
address.
Calling-Station-ID (31) Ye s Yes The supplicant MAC
address.
Acct-Session-ID (44) Yes Yes A unique accounting
identifier.
To Next Page
Loading...
Need help?
General
