RADIUS Accounting

Remote Authentication Dial-In User Service (RADIUS) server accounting is supported for recording information about user activity.

RADIUS server accounting supports:

Login (EXEC) accounting
Command accounting

Note

System event accounting is not supported.

When you configure RADIUS accounting on a device, information is sent to the RADIUS accounting server when specific events occur; for example, when a user logs in to the device.

RADIUS accounting works as follows:

One of the following events occurs on the device:
- A user logs in to the management interface using Telnet or SSH.
- A user enters a command for which RADIUS accounting has been configured.
The device checks its configuration to see if the event is one for which RADIUS accounting is required.
When the event is concluded, the device sends an accounting stop packet to the RADIUS accounting server.
The RADIUS accounting server acknowledges receipt of the accounting stop packet.

Note

RADIUS server accounting can be enabled and used regardless of whether authentication is performed locally, on a RADIUS server, or on a TACACS+ server. However, RADIUS accounting only takes place after successful authentication.

Note

In command accounting, commands with a partial timestamp are not accounted.

By default, RADIUS server accounting is disabled. Prior to enabling RADIUS server accounting, at least one RADIUS server must be configured.

For command accounting, the Vendor Specific Attribute (VSA) Brocade-Cmd must be added on RADIUS server.

Before downgrading to a software version that does not support RADIUS accounting, both login and command accounting must be disabled.