4 l2tp accounting – QTECH SmartEdge 600 Configuration User Manual

Configuring Authentication, Authorization, and Accounting

Note:

Configuring the global keyword with the aaa accounting

subscriber

command allows you to enable global RADIUS

subscriber accounting even without global authentication. For more
information, refer to the Command Description document.

When the IP address or hostname of the RADIUS accounting server is
configured in a context other than the local context, context-specific accounting
is performed; accounting messages are sent only for subscribers bound to
the context in which the RADIUS accounting server IP address or hostname
is configured.

You can configure two-stage accounting where the router sends accounting
messages to a RADIUS accounting server configured in the non-local context
and to a RADIUS accounting server configured in the local context. For
example, a copy of the accounting data can be sent to both a wholesaler's
and an upstream service provider’s RADIUS accounting server, so that the
end-of-period accounting data can be reconciled and validated by both the
parties.

You can also specify the error conditions for which the router suppresses the
sending of accounting messages to a RADIUS accounting server.

1.3.4

L2TP Accounting

You can configure L2TP accounting that tracks messages for L2TP tunnels or
sessions in L2TP tunnels; the messages are sent to a RADIUS accounting
server. When the IP address or hostname of the RADIUS accounting server is
configured in the router local context, global accounting is performed. When
the IP address or hostname of the RADIUS accounting server is configured in a
context other than the local context, context-specific accounting is performed.
You can also configure two-stage accounting.

The router sends just a single accounting on message when more than
one type of RADIUS accounting is enabled. For example, if you enable
both subscriber accounting and L2TP accounting, the router sends only one
accounting on

message to each RADIUS accounting server, even if you

enable L2TP accounting at a later time. Similarly, the accounting off
message is not sent until you have disabled all types of RADIUS accounting.

Note:

Configuring the global keyword with the aaa accounting l2tp

session

command allows you to enable global RADIUS accounting

for sessions in L2TP tunnels even without global authentication. For
more information, see the aaa accounting l2tp command.

If a subscriber session cannot be tunneled to a specific L2TP network server
(LNS) or to an LNS in a group of L2TP peers, or if the router has received a
Link Control Protocol (LCP) termination request from the subscriber before the
session establishment is complete, the Acct-Session-Time attribute is set to 0.

6

61/1543-CRA 119 1170/1 Uen L

|

2012-12-04