accounting

Configures the server type and interval at which interim accounting updates are sent to the server. A maximum of 12 accounting servers can be configured.

Supported on the following devices:

Syntax

accounting [interim|server|type]
accounting interim interval <60-3600>
accounting server [<1-12>|preference]
accounting server preference [auth-server-host|auth-server-number|none]
accounting server <1-12> [dscp|host|nai-routing|onboard|proxy-mode|retry-timeout-factor|
timeout]
accounting server <1-12> [dscp <0-63>|retry-timeout-factor <50-200>]
accounting server <1-12> host <IP/HOSTNAME/HOST-ALIAS> secret [0 <SECRET>|2 <SECRET>|<SECRET>] 
{port <1-65535>}
accounting server <1-12> nai-routing realm-type [prefix|suffix] realm <REALM-TEXT> {strip}
accounting server <1-12> onboard [centralized-controller|self|controller]
accounting server <1-12> proxy-mode [none|through-centralized-controller|through-controller|
through-mint-host <HOSTNAME/MINT-ID>|through-rf-domain-manager]
accounting server <1-12> timeout <1-60> {attempts <1-10>}
accounting type [start-interim-stop|start-stop|stop-only]

Parameters

accounting interim interval <60-3600>

interim

Configures the interim accounting interval. This is the interval at which interim accounting updates are posted to the accounting server.

interval <60-3000>

Specify the interim interval from 60 - 3600 seconds. The default is 1800 seconds.

accounting server preference [auth-server-host|auth-server-number|none]

server

Configures the RADIUS accounting server‘s settings

preference

Configures the accounting server‘s preference mode. Authentication requests are forwarded to an accounting server, from the pool, based on the preference mode selected.

auth-server-host

Sets the authentication server as the accounting server. This is the default setting.

This parameter indicates the same server is used for authentication and accounting. The server is identified by its hostname.

auth-server-number

Sets the authentication server as the accounting server

This parameter indicates the same server is used for authentication and accounting. The server is identified by its index number.

none

Indicates the accounting server is independent of the authentication server
accounting server <1-12> [dscp <0-63>|retry-timeout-factor <50-200>]

server <1-12>

Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.

dscp <0-63>

Sets the Differentiated Services Code Point (DSCP)value for Quality of Service (QoS)monitoring. This value is used in generated RADIUS packets.
  • <0-63> – Sets the DSCP value from 0 - 63. The default value is 34.
retry-timeout-factor <50-200> Sets the scaling factor for retransmission timeouts. The timeout at each attempt is a function of this retry-timeout factor and the attempt number.
  • <50-200> – Specify a value from 50 - 200. The default is 100.

If the scaling factor is 100, the interval between two consecutive retries remains the same, irrespective of the number of retries.

If the scaling factor is less than 100, the interval between two consecutive retires reduces with subsequent retries.

If this scaling factor is greater than 100, the interval between two consecutive retries increases with subsequent retries.

accounting server <1-12> host <IP/HOSTNAME/HOST-ALIAS> secret [0 <SECRET>|2 <SECRET>|
<SECRET>] {port <1-65535>}
server <1-12> Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.
host <IP/HOSTNAME/HOST-ALIAS> Configures the accounting server‘s hostname IP address, or host-alias

The host alias should be existing and configured.

secret [0 <SECRET>| 2 <SECRET>| <SECRET>] Configures a common secret key used to authenticate with the accounting server
  • 0 <SECRET> – Configures a clear text secret key

  • 2 <SECRET> – Configures an encrypted secret key

  • <SECRET> – Specify the secret key. This shared secret should not exceed 127 characters.

port <1-65535> Optional. Configures the accounting server‘s UDP port (the port used to connect to the accounting server)
  • <1-65535> – Specify the port number from 1 - 65535. The default value is 1813.
accounting server <1-12> nai-routing realm-type [prefix|suffix] realm <REALM-TEXT> {strip}

server <1-12>

Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.
nai-routing Enables Network Access Identifier (NAI) routing. This option is disabled by default.

The NAI is a character string in the format of an e-mail address as either user or user@realm but it need not be a valid e-mail address or a fully qualified domain name. AAA servers identify clients using the NAI. The NAI can be used either in a specific or generic form. The specific form, which must contain the user portion and may contain the @realm portion, identifies a single user. Using the generic form allows all users to be configured on a single command line, irrespective of whether the users are within a realm or not. Each user still needs a unique security association, but these associations can be stored on a AAA server. The original purpose of the NAI was to support roaming between dial up ISPs. With NAI, an ISP does not have the accounts for all of its roaming partners in a single RADIUS database. RADIUS servers can proxy requests to remote servers as need be.

realm-type Specifies whether the prefix or suffix of the username is used as the match criteria. For example, if the option selected is prefix, the username‘s prefix is matched to the realm.
[prefix|suffix]

Select one of the following options:

  • prefix – Matches the prefix of the username (For example, username is of type DOMAIN/user1, DOMAIN/user2). This is the default setting.
  • suffix – Matches the suffix of the username (For example, user1@DOMAIN, user2)@DOMAIN)
realm <REALM-TEXT> Configures the text matched against the username. Enter the realm name (should not exceed 50 characters). When the RADIUS accounting server receives a request for a user name, the server references a table of user names. If the user name is known, the server proxies the request to the RADIUS server.
  • <REALM-TEXT> – Specifies the matching text including the delimiter (a delimiter is typically '' or '@')
strip Optional. When enabled, strips the realm from the username before forwarding the request to the RADIUS server. This option is disabled by default.
accounting server <1-12> onboard [centralized-controller|self|controller]
server <1-12> Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.
onboard

Selects an onboard server instead of an external host

centralized-controller Configures the server on the centralized controller managing the network
self Configures the onboard server on a AP, wireless controller, or service platform (where the client is associated)
controller Configures local RADIUS server settings
accounting server <1-12> proxy-mode [none|through-centralized-controller|
through-controller|through-mint-host <HOSTNAME/MINT-ID>|through-rf-domain-manager]
server <1-12> Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.
proxy-mode Configures the mode used to proxy requests. The options are: none, through-controller, and through-rf-domain-manager.
none No proxy required. Sends the request directly using the IP address of the device. This is the default setting.
through-centralized-controller Proxies requests through the centralized controller that is configuring and managing the network
through-controller Proxies requests through the controller (access point, wireless controller, or service platform) configuring the device
through-mint-host <HOSTNAME/MINT-ID> Proxies requests through a neighboring MiNT device. Provide the device‘s MiNT ID or hostname.
through-rf-domain- manager Proxies requests through the local RF Domain Manager
accounting server <1-12> timeout <1-60> {attempts <1-10>}
server <1-12> Configures an accounting server. Up to 12 accounting servers can be configured.
  • <1-12> – Specify the accounting server index from 1 - 12.
timeout <1-60> Configures the timeout for each request sent to the RADIUS server
  • <1-60> – Specify a value from 1 - 60 seconds. The default is 5 seconds.
{attempts<1-10>} Optional. Specifies the number of attempts made at transmitting a request before being dropped
  • <1-10> – Specify a value from 1 - 10. The default is 3.
accounting type [start-interim-stop|start-stop|stop-only]
type Configures the type of RADIUS accounting packets sent. The options are: start-interim-stop, start-stop, and stop-only.
start-interim-stop Sends accounting-start and accounting-stop messages at the start and end of the session. This option also sends interim accounting updates.
start-stop Sends only accounting-start and accounting-stop messages at the start and end of the session. Interim accounting updates are not sent. This is the default setting.
stop-only Sends only an accounting-stop message at the end of the session

Examples

nx9500-6C8809(config-aaa-policy-test)#accounting interim interval 65
nx9500-6C8809(config-aaa-policy-test)#accounting server 2 host 172.16.10.10 secret 
test1 port 1
nx9500-6C8809(config-aaa-policy-test)#accounting server 2 timeout 2 attempts 2
nx9500-6C8809(config-aaa-policy-test)#accounting type start-stop
nx9500-6C8809(config-aaa-policy-test)#accounting server preference auth-server-number
nx9500-6C8809(config-aaa-policy-test)#show context
aaa-policy test
 accounting server 2 host 172.16.10.10 secret 0 test1 port 1
 accounting server 2 timeout 2 attempts 2
 accounting interim interval 65
 accounting server preference auth-server-number
nx9500-6C8809(config-aaa-policy-test)#

Related Commands

no Removes or resets accounting server parameters