How to configure "accounting" function for dot1x client on ECS4100 series ? Follow
Scenario:
In this example, we will use "FreeRADIUS" as accounting server.
Procedures:
1. Configure the RADIUS server parameters and switch's IP address.
Tips: the "encryption key" is defined by user on RADIUS server, thus it must be configured correctly.
Console#configure
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
Console(config)#radius-server 1 host 192.168.1.88 key support
2. Enable the dot1x on global mode.
Console(config)#dot1x system-auth-control
3. Enable dot1x and accounting function on the port interface, and let the client connect to this port.
Console(config)#aaa accounting dot1x default start-stop group radius
Console(config)#interface ethernet 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#accounting dot1x default
Result:
After the client gets authentication successfully, then switch starts to send the accounting packet (Figure 1) to the FreeRADIUS server.
Figure 1: Capture the accounting packet on FreeRADIUS server.
When the client's connection is disconnected, switch will send the total traffic information of this client.
Figure 2: The traffic information of accounting log in the FreeRADIUS server.
Tips: If the FreeRADIUS receive the accounting packet, it start to record the log automatically by default. You can find the log in this path "/var/log/freeradius/radacct/".
Comments
0 comments
Please sign in to leave a comment.