Technical Documentation

Configuring 802.1X RADIUS Accounting (CLI Procedure)

RADIUS accounting permits statistical data about users logging onto or off a LAN to be collected and sent to a RADIUS accounting server. The statistical data gathered can be used for general network monitoring, to analyze and track usage patterns, or to bill a user based upon the amount of time or type of services accessed.

    To configure basic RADIUS accounting using the CLI:

    1. Specify the accounting servers to which the switch will forward accounting statistics:

      [edit access]
      user@switch# set profile profile1 radius accounting-server [122.69.1.250 122.69.1.252]

    2. Define the RADIUS accounting servers:

      [edit access]
      user@switch# set radius-server 122.69.1.250 secret juniper
      user@switch# set radius-server 122.69.1.252 secret juniper1

    3. Enable accounting for an access profile:

      [edit access]
      user@switch# set profile profile1 accounting

    4. Configure the RADIUS servers to use while sending accounting messages and updates:

      [edit access]
      user@switch# set profile profile1 accounting order radius none

    5. Configure the statistics to be collected on the switch and forwarded to the accounting server:

      [edit access]
      user@switch# set profile profile1 accounting accounting-stop-on-access-deny
      user@switch# set profile profile1 accounting accounting-stop-on-failure

    6. Display accounting statistics collected on the switch:

      user@switch> show network-access aaa statistics accounting
      Accounting module statistics
        Requests received: 1
        Accounting Response failures: 0
        Accounting Response Success: 1
        Requests timedout: 0
      
    7. Open an accounting log on the RADIUS accounting server using the server's address, and view accounting statistics:

      [root@freeradius]# cd /usr/local/var/log/radius/radacct/122.69.1.250
      [root@freeradius 122.69.1.250]# ls
      detail-20071214

      [root@freeradius 122.69.1.250]# vi detail-20071214
              User-Name = "000347e1bab9"
              NAS-Port = 67
              Acct-Status-Type = Stop
              Acct-Session-Id = "8O2.1x811912"
              Acct-Input-Octets = 17454
              Acct-Output-Octets = 4245
              Acct-Session-Time = 1221041249
              Acct-Input-Packets = 72
              Acct-Output-Packets = 53
              Acct-Terminate-Cause = Lost-Carrier
              Acct-Input-Gigawords = 0
              Acct-Output-Gigawords = 0
              Called-Station-Id = "00-19-e2-50-52-60"
              Calling-Station-Id = "00-03-47-e1-ba-b9"
              Event-Timestamp = "Sep 10 2008 16:52:39 PDT"
              NAS-Identifier = "esp48t-1b-01"
              NAS-Port-Type = Virtual
      
              User-Name = "000347e1bab9"
              NAS-Port = 67
              Acct-Status-Type = Start
              Acct-Session-Id = "8O2.1x811219"
              Called-Station-Id = "00-19-e2-50-52-60"
              Calling-Station-Id = "00-03-47-e1-ba-b9"
              Event-Timestamp = "Sep 10 2008 18:58:52 PDT"
              NAS-Identifier = "esp48t-1b-01"
              NAS-Port-Type = Virtual
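
The following is an added example, not part of the original procedure and not Juniper or FreeRADIUS code: a small parser for detail records like those in step 7 that reports Start and Stop records with no counterpart and combines each octet counter with its Gigawords value. The function names are hypothetical and the sample is constructed from the records above, with Acct-Output-Gigawords set to 1 to show a wrapped counter.

```python
import re

ATTR = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*(.*?)\s*$')

# Constructed sample, modelled on the two records shown in step 7.
SAMPLE = '''
        User-Name = "000347e1bab9"
        Acct-Status-Type = Stop
        Acct-Session-Id = "8O2.1x811912"
        Acct-Input-Octets = 17454
        Acct-Input-Gigawords = 0
        Acct-Output-Octets = 4245
        Acct-Output-Gigawords = 1

        User-Name = "000347e1bab9"
        Acct-Status-Type = Start
        Acct-Session-Id = "8O2.1x811219"
'''

def parse_detail(text):
    """Split a detail file into records (blank-line separated) of attribute dicts."""
    records = []
    for block in re.split(r'\n\s*\n', text):
        rec = {}
        for line in block.splitlines():
            m = ATTR.match(line)
            if m:  # timestamp header lines have no "Attr = value" form and are skipped
                rec[m.group(1)] = m.group(2).strip('"')
        if rec:
            records.append(rec)
    return records

def total_octets(rec, direction):
    """Combine the 32-bit octet counter with its Gigawords wrap count (RFC 2869)."""
    giga = int(rec.get(f'Acct-{direction}-Gigawords', 0))
    return giga * 2**32 + int(rec.get(f'Acct-{direction}-Octets', 0))

def unpaired_sessions(records):
    """Return (stops_without_start, starts_without_stop) as sorted session-ID lists."""
    seen = {'Start': set(), 'Stop': set()}
    for rec in records:
        status = rec.get('Acct-Status-Type')
        if status in seen:
            seen[status].add(rec.get('Acct-Session-Id'))
    return sorted(seen['Stop'] - seen['Start']), sorted(seen['Start'] - seen['Stop'])

if __name__ == '__main__':
    recs = parse_detail(SAMPLE)
    print(unpaired_sessions(recs), total_octets(recs[0], 'Output'))
```

Unpaired records are worth reviewing because they mark sessions whose usage data is incomplete on the accounting server.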

    Published: 2009-07-21