802.1X accounting attributes for RADIUS, Enabling 802.1X accounting – Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

802.1X accounting configuration

The user MAC address

The authenticating physical port number

An Accounting Start packet is sent to the RADIUS server when a user is successfully authenticated.
The Start packet indicates the start of a new session and contains the user MAC address and
physical port number. The 802.1X session state will change to Authenticated and Permit after
receiving a response from the accounting server for the accounting Start packet. If the Accounting
service is not available, the 802.1X session status will change to Authenticated and Permit after a
RADIUS timeout. The device will retry authentication requests three times (the default), or the
number of times configured on the device.

An Accounting Stop packet is sent to the RADIUS server when one of the following events occurs:

The user logs off

The port goes down

The port is disabled

The user fails to re-authenticate after a RADIUS timeout

The 802.1X port control-auto configuration changes

The MAC session clears (through use of the clear dot1x mac-session CLI command)

The Accounting Stop packet indicates the end of the session and the time the user logged out.

802.1X accounting attributes for RADIUS

Brocade devices support the following RADIUS attributes for 802.1X accounting.

Enabling 802.1X accounting

To enable 802.1X accounting, enter the following command.

Brocade(config)# aaa accounting dot1x default start-stop radius none

Syntax: aaa accounting dot1x default start-stop radius | none

radius – Use the list of all RADIUS servers that support 802.1X for authentication.

TABLE 31   802.1X accounting attributes for RADIUS

Attribute name       Attribute ID   Data type   Description
Acct-Session-ID      44             integer     The account session ID, which is a number from 1 to 4294967295.
Acct-Status-Type     40             integer     Indicates whether the accounting request marks the beginning (start) or end (stop) of the user service. 1 – Start, 2 – Stop.
Calling-Station-Id   31             string      The supplicant MAC address in ASCII format (upper case only), with octet values separated by a dash (-). For example, 00-10-A4-23-19-C0.
NAS-Port             5              integer     The physical port number.
NAS-Port-Type        61             integer     The physical port type.
user-name            1              string      The user name.
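
The following Python parser is an added example, not code from the Brocade guide. It decodes the Table 31 attributes from one RADIUS Accounting-Request and rejects records whose Calling-Station-Id or Acct-Status-Type does not match the table. It assumes the RFC 2865/2866 packet layout and 4-byte big-endian integers (including Acct-Session-ID, as Table 31 types it); the function names and the user name, port and session values in the sample are constructed.

```python
import re
import struct

# Attribute ID -> (name, data type), copied from Table 31.
TABLE_31 = {
    1: ("user-name", "string"), 5: ("NAS-Port", "integer"),
    31: ("Calling-Station-Id", "string"), 40: ("Acct-Status-Type", "integer"),
    44: ("Acct-Session-ID", "integer"), 61: ("NAS-Port-Type", "integer"),
}
ACCOUNTING_REQUEST = 4  # RADIUS packet code, RFC 2866
MAC_FORMAT = re.compile(r"[0-9A-F]{2}(-[0-9A-F]{2}){5}")  # upper case, dashes

def parse_accounting_request(packet: bytes) -> dict:
    """Decode and validate the Table 31 attributes of one Accounting-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    # Skip the 16-byte authenticator (not verified here: needs the shared secret).
    record, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_id, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length runs past the packet")
        value, pos = packet[pos + 2 : pos + attr_len], pos + attr_len
        name, kind = TABLE_31.get(attr_id, (None, None))
        if name is None:
            continue  # attribute not listed in Table 31
        if kind == "integer":  # assumption: 4-byte big-endian, as in RFC 2865
            if len(value) != 4:
                raise ValueError(f"{name}: integer must be 4 bytes")
            record[name] = struct.unpack("!I", value)[0]
        else:
            record[name] = value.decode("ascii")
    if not MAC_FORMAT.fullmatch(record.get("Calling-Station-Id", "")):
        raise ValueError("Calling-Station-Id is not an upper-case dashed MAC")
    if record.get("Acct-Status-Type") not in (1, 2):  # 1 = Start, 2 = Stop
        raise ValueError("Acct-Status-Type is neither Start nor Stop")
    return record

def sample_packet(status: int, mac: str) -> bytes:
    """Constructed packet with a zeroed authenticator, not captured traffic."""
    tlvs = [(1, b"alice"), (40, struct.pack("!I", status)), (31, mac.encode()),
            (5, struct.pack("!I", 7)), (44, struct.pack("!I", 1001))]
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in tlvs)
    return struct.pack("!BBH", 4, 1, 20 + len(attrs)) + bytes(16) + attrs
```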
