The switch provides the ability to account EAP and NEAP sessions using the RADIUS accounting protocol. A user session is defined as the time frame between when a user is authenticated until the user is unauthenticated.
The following table summarizes the accounting events and information logged.
Event |
RADIUS attributes |
Description |
---|---|---|
User is authenticated by EAP |
Acct-Status-Type |
Start |
Nas-IP-Address |
IP address to represent the switch |
|
Nas-Port |
Port number on which the user is EAP or NEAP authorized |
|
Acct-Session-ID |
Unique string representing the session |
|
User-Name |
EAP user name or NEAP MAC |
|
User logs off |
Acct-Status-Type |
Stop |
Nas-IP-Address |
IP address to represent the switch |
|
Nas-Port |
Port number on which the user is EAP or NEAP unauthorized |
|
Acct-Session-ID |
Unique string representing the session |
|
User-Name |
EAP user name |
|
Acct-Input-Octets |
Number of octets input to the port during the session |
|
Acct-Output-Octets |
Number of octets output to the port during the session |
|
Acct-Terminate-Cause |
Reason for terminating user session. For more information about the mapping of 802.1x session termination cause to RADIUS accounting attribute, see the following table. |
|
Acct-Session-Time |
Session interval |
The following table describes the mapping of the causes of 802.1x session terminations to the corresponding RADIUS accounting attributes.
IEEE 802.1Xdot1xAuthSessionTerminateCause Value |
RADIUSAcct-Terminate-Cause Value |
---|---|
supplicantLogoff(1) |
User Request (1) |
portFailure(2) |
Lost Carrier (2) |
supplicantRestart(3) |
Supplicant Restart (19) |
reauthFailed(4) |
Reauthentication Failure (20) |
authControlForceUnauth(5) |
Admin Reset (6) |
portReInit(6) |
Port Reinitialized (21) |
portAdminDisabled(7) |
Port Administratively Disabled (22) |
notTerminatedYet(999) |
— |