Enable RADIUS Accounting

Before you begin

  • You must set up a RADIUS server and add it to the configuration file of the device before you can enable RADIUS accounting on the device. Otherwise, the system displays an error message.

About this task

Enable RADIUS accounting to log all of the activity of each remote user in a session on the centralized RADIUS accounting server.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click RADIUS.
  3. In the RADIUS Global tab, select the AcctEnable check box.
  4. In the AcctAttrValue field, type an access policy value (by default, this value is 193).
  5. Click Apply.

RADIUS Global Field Descriptions

Use the data in the following table to use the RADIUS Global tab.

Name

Description

Enable

Enables the RADIUS authentication feature globally.

MaxNumberServer

Specifies the maximum number of servers to be used, between 1 and 10, inclusive.

AccessPriorityAttrValue

Specific to RADIUS authentication. Specifies the vendor-specific attribute value of the access-priority attribute to match the type value set in the dictionary file on the RADIUS server. The valid values are 192 through 240. The default is 192.

AcctEnable

Enables RADIUS accounting.

AcctAttriValue

Specific to RADIUS accounting. Specifies the vendor-specific attribute value of the CLI-command attribute to match the type value set in the dictionary file on the RADIUS server. This value must be different from the access-priority attribute value configured for authentication. The valid values are 192 through 240. The default value is 193.

AcctIncludeCli

Specifies whether you want CLI commands included in RADIUS accounting requests.

ClearStat

Clears RADIUS statistics from the device.

McastAttributeValue

Specifies the value of the Mcast attribute. The valid values are 0 through 255. The default value is 90.

AuthInfoAttrValue

Specifies the value of the authentication information attribute. The valid values are 0 through 255. The default value is 91.

CommandAccessAttrValue

Specifies the value of the command access attribute. The valid values are 192 through 240. The default value is 194.

CliCommandAttrValue

Specifies the value of the CLI command attribute. The valid values are 192 through 240. The default value is 195.

AuthInvalidServerAddress

Displays the number of access responses from unknown or invalid RADIUS servers.

SourceIpFlag

Note:

Exception: only supported on VSP 8600 Series.

Includes a configured IP address as the source address in RADIUS packets. The default is false. RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration.

CliCmdCount

Gives the value for the CLI command count. Specify an integer from 1 to 40. The default is 40.

CliProfEnable

Enables RADIUS CLI profiling.

SupportedVendorIds

Shows the vendor IDs that the software supports for RADIUS.

RadiusReachability

Specifies the mode for RADIUS reachability. Status-server mode provides a standard-compliant method for RADIUS reachability. Use-radius mode requires the configuration of dummy packets that are sent to RADIUS servers. The default is use-radius mode.

SecureEnable

Enable RADIUS Security (RADSec).

UserName

Specifies the username for RADIUS server reachability. The default is extremenetworks.

Password

Specifies the password for RADIUS server reachability. The default is extremenetworks.

Confirm Password

Confirms the password for RADIUS server reachability.

Unreachable Timer

Specifies, in seconds, the interval between checks when radius server is unreachable. The default is 60 seconds.

Keep Alive Timer

Specifies, in seconds, the interval between checks when radius server is reachable. The default is 180 seconds.