(RADIATOR) Radius accounting

Hugh Irvine hugh at open.com.au
Thu Aug 12 00:13:42 CDT 2004 

Hello Nuno -

If you are not receiving the accounting data from the access points it  
is a problem on the access point and you should check with Cisco for a  
fix.

The debug log shows that you are receiving the accounting requests, so  
I don't think your theory is correct.

regards

Hugh


On 11 Aug 2004, at 23:08, Nuno Rodrigues wrote:

>
> Hello,
>
>  I have lots of Cisco AP1121G, that authenticating users on a radius  
> server (Radiator).
>  I need to make accounting of octets in and out per user, but i have  
> some problems with this.
>  In general, the accounting is working fine, but the APs dont send  
> some attributes that i need (Acct-Input-Octets, Acct-Output-Octets),  
> included in Accounting-Request (stop) Packets  
> (http://www.cisco.com/en/US/products/hw/wireless/ps4570/ 
> products_configuration_guide_chapter09186a00802091b1.html).
>
>  Someone can help me to find the problem?
>  I have a theory, but i don't know if is right: This attributes can't  
> be sent because the IP Address is assigned to clients by a third DHCP  
> Server (router cisco) and not by the Radius server. Could be by this?
>  How can i solve the problem?
>
>  The Radius part of configuration of my APs:
>  ...
>  aaa new-model
>  !
>  !
>  aaa authentication login default local
>  aaa authentication login eap_methods group radius
>  aaa authentication login mac_methods local
>  aaa authorization exec default local
>  aaa authorization network default group radius
>  aaa accounting send stop-record authentication failure
>  aaa accounting update periodic 5
>  aaa accounting auth-proxy default start-stop group radius
>  aaa accounting exec default start-stop group radius
>  aaa accounting network default start-stop group radius
>  aaa accounting connection default start-stop group radius
>  aaa accounting system default start-stop group radius
>  aaa accounting resource default start-stop group radius
>  aaa nas port extended
>  aaa session-id unique
>  ...
>  ssid MySSID
>  vlan 150
>  authentication open eap eap_methods
>  accounting default
>  ...
>  ip radius source-interface BVI1
>  ...
>  radius-server host 172.1.0.1 auth-port 1812 acct-port 1813 key 7  
> xxxxxxxxxxxxxxxxxxxxx
>  radius-server authorization permit missing Service-Type
>  radius-server vsa send accounting
>  radius-server vsa send authentication
>  ...
>
>  Extract of Radius Log:
>  ...
>  Sat Jul 31 19:05:58 2004
>          Acct-Session-Id = "000040F6"
>          Called-Station-Id = "000f.247a.c0c0"
>          Calling-Station-Id = "000d.88f4.0408"
>          cisco-avpair = "ssid=MySSID"
>          cisco-avpair = "nas-location=unspecified"
>          cisco-avpair = "connect-progress=Call Up"
>          Acct-Session-Time = 278
>          Acct-Authentic = RADIUS
>          User-Name = "nuno at ipb.pt"
>          Acct-Status-Type = Alive
>          NAS-Port-Type = Wireless-IEEE-802-11
>          Cisco-NAS-Port = "1315"
>          NAS-Port = 1315
>          Service-Type = Framed
>          NAS-IP-Address = 172.9.13.12
>          Acct-Delay-Time = 0
>          ssid = MySSID
>          nas-location = unspecified
>          connect-progress = Call Up
>          Timestamp = 1091297158
>  ...
>
>  Thanks in advance!
>  Nuno.
>
> -- 
> .................................................................
>  Nuno Rodrigues : nuno at ipb.pt : http://www.ipb.pt/~nuno
>  Eq. Assistente 2o Triénio : Dep. Informática e Comunicações :  
> ESTiG/IPB
>  Coordenador do Centro de Comunicações do IPB
> .................................................................
>
>  -- Archive at http://www.open.com.au/archives/radiator/ Announcements  
> on radiator-announce at open.com.au To unsubscribe, email  
> 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the  
> message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list