RADIUS Accounting for EAP

The switch can account for EAP and NEAP sessions using the RADIUS accounting protocol. A user session is defined as the interval from when a user is authenticated until the user is unauthenticated.

The following table summarizes the accounting events and information logged.

Table 1. Summary of accounting events and information logged

| Event | RADIUS attributes | Description |
|---|---|---|
| User is authenticated by EAP | Acct-Status-Type | Start |
| | Nas-IP-Address | IP address to represent the switch |
| | Nas-Port | Port number on which the user is EAP or NEAP authorized |
| | Acct-Session-ID | Unique string representing the session |
| | User-Name | EAP user name or NEAP MAC |
| User logs off | Acct-Status-Type | Stop |
| | Nas-IP-Address | IP address to represent the switch |
| | Nas-Port | Port number on which the user is EAP or NEAP unauthorized |
| | Acct-Session-ID | Unique string representing the session |
| | User-Name | EAP user name |
| | Acct-Input-Octets | Number of octets input to the port during the session |
| | Acct-Output-Octets | Number of octets output to the port during the session |
| | Acct-Terminate-Cause | Reason for terminating user session. For more information about the mapping of 802.1x session termination cause to RADIUS accounting attribute, see the following table. |
| | Acct-Session-Time | Session interval |

The following table describes the mapping of the causes of 802.1x session terminations to the corresponding RADIUS accounting attributes.

Table 2. 802.1x session termination mapping

| IEEE 802.1X dot1xAuthSessionTerminateCause Value | RADIUS Acct-Terminate-Cause Value |
|---|---|
| supplicantLogoff(1) | User Request (1) |
| portFailure(2) | Lost Carrier (2) |
| supplicantRestart(3) | Supplicant Restart (19) |
| reauthFailed(4) | Reauthentication Failure (20) |
| authControlForceUnauth(5) | Admin Reset (6) |
| portReInit(6) | Port Reinitialized (21) |
| portAdminDisabled(7) | Port Administratively Disabled (22) |
| notTerminatedYet(999) | |
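
The following added example (not part of the original documentation or the switch software) shows how a log collector could decode the Table 1 attributes from a RADIUS Accounting-Request and name the Acct-Terminate-Cause values listed in Table 2. The attribute type numbers are taken from RFC 2865 and RFC 2866; the function names and the sample packet are constructed for illustration, and the parser does not verify the Request Authenticator.

```python
import ipaddress
import struct

# Attribute type numbers from RFC 2865/2866 for the attributes listed in Table 1.
ATTRS = {1: "User-Name", 4: "Nas-IP-Address", 5: "Nas-Port", 40: "Acct-Status-Type",
         42: "Acct-Input-Octets", 43: "Acct-Output-Octets", 44: "Acct-Session-ID",
         46: "Acct-Session-Time", 49: "Acct-Terminate-Cause"}
STATUS = {1: "Start", 2: "Stop"}
# RADIUS Acct-Terminate-Cause values that appear in Table 2.
CAUSES = {1: "User Request", 2: "Lost Carrier", 6: "Admin Reset", 19: "Supplicant Restart",
          20: "Reauthentication Failure", 21: "Port Reinitialized",
          22: "Port Administratively Disabled"}

def parse_accounting_request(packet: bytes) -> dict:
    """Decode the Table 1 attributes; reject truncated or malformed packets."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    record, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        name = ATTRS.get(atype)
        if name is None:
            continue                      # attribute not covered by Table 1
        if atype in (1, 44):              # text attributes
            record[name] = value.decode("utf-8", "replace")
        elif len(value) != 4:
            raise ValueError(f"{name} must be 4 octets")
        elif atype == 4:
            record[name] = str(ipaddress.IPv4Address(value))
        else:
            number = int.from_bytes(value, "big")
            labels = STATUS if atype == 40 else CAUSES if atype == 49 else None
            record[name] = labels.get(number, f"unknown ({number})") if labels else number
    return record

def sample_stop_packet() -> bytes:
    """Constructed Stop record (all values invented; authenticator zeroed)."""
    u32 = lambda n: n.to_bytes(4, "big")
    pairs = [(40, u32(2)), (4, bytes([192, 0, 2, 10])), (5, u32(7)), (44, b"0000002A"),
             (1, b"alice"), (42, u32(123456)), (43, u32(654321)), (49, u32(20)),
             (46, u32(3600))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body
```

Calling `parse_accounting_request(sample_stop_packet())` returns a dictionary keyed by the attribute names used in Table 1.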