Defining Accounting Methods for a WLAN Service

Accounting tracks the activity of wireless device users. There are two types of accounting available:

  • Controller accounting — Enables the controller to generate Call Data Records (CDRs), containing usage information about each wireless session. CDR generation is enabled on a per VNS basis. For more information on CDRs, refer to section Call Detail Records (CDRs).
  • RADIUS accounting — Enables the controller to generate an accounting request packet with an accounting start record after successful login by the wireless device user, and an accounting stop record based on session termination. The controller sends the accounting requests to a remote RADIUS server.

Controller accounting creates Call Data Records (CDRs). If RADIUS accounting is enabled, a RADIUS accounting server needs to be specified.

To define accounting methods:

  1. From the top menu, click VNS.
  2. In the left pane expand the WLAN Services pane, then click the WLAN Service you want to define accounting methods for. The WLAN Services configuration page is displayed.
  3. Click the Auth & Acct tab.
  4. Click Enable MAC-based authentication.
    Click to expand in new window
    Defining Accounting Methods
    Graphics/vns_configuration_auth_acct.jpg
  5. Click the Configure button to open the MAC-Based Authorization dialog.
    Click to expand in new window
    MAC-Based Authorization Configuration
    Graphics/mac-based_auth_confg_dialog.png
    Click to expand in new window

    MAC-Based Authorization Configuration - Fields and Buttons

    Field/Button Description
    MAC-based authorization on roam Select method for MAC-based authorization:

    Never: disables the feature

    On inter-AP roam: enables MAC-based authorization on roam.

    On inter-Area roam: enables MAC-based authorization sent to the RADIUS server on area roams.

    Automatically Authenticate Authorized Users Select to automatically authenticate authorized users. When set, a station that passes MAC-based authentication is treated as fully authorized. For example, its authentication state is set to fully authenticated. This can trigger a change to the role applied to the station. If Captive Portal authentication is also configured on the WLAN Service, a station that passes MAC-based authentication will not have to pass Captive Portal authentication as well.
    Allow Un-Authorized Users Select to allow un-authorized users which permits stations that do not pass MAC-based authentication to stay on the network in an un-authorized state. The station can be confined to a “Walled Garden” by its assigned role. If Captive Portal authentication is also configured on the WLAN Service, a station that fails MAC-based authentication can still become authorized by passing Captive Portal authentication.
    Note: Only select this checkbox if you want your clients to be authorized every time they roam to another AP. If this option is not enabled, and MAC-based authentication is in use, the client is authenticated only at the start of a session.
    RADIUS accounting begins after MAC-based authorization completes Select to delay RADIUS accounting until after MAC-based authorization is complete.
    RADIUS Server Timeout Role Select a Radius Server Timeout Role from the drop-down list.
  6. To enable Controller accounting, select Collect Accounting Information of Wireless Controller.
  7. To enable RADIUS accounting, from the RADIUS Servers drop-down list, click the RADIUS server you want to use for RADIUS accounting, and then click Use.

    The server name is added to the Server table of assigned RADIUS servers. The selected server is no longer available in the RADIUS servers drop-down list.

    The RADIUS servers are defined on the Global Settings screen. For more information, see Defining RADIUS Servers and MAC Address Format.

  8. In the Server table, select the checkbox in the Acct column to enable accounting for each applicable RADIUS server.
  9. In the Server table click the RADIUS server, and then click Configure.The RADIUS Parameters dialog is displayed.

    The configured values for the selected server are displayed in the table at the top.

    Click to expand in new window
    RADIUS Parameters dialog
    Graphics/VNS_RADIUS_accounting_param.png
  10. For NAS IP Address, accept the default of “Use VNS IP address” or de-select the checkbox and type the IP address of a Network Access Server (NAS).
  11. For NAS Identifier, accept the default of “Use VNS name” or type the Network Access Server (NAS) identifier. The NAS identifier is a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS servers and then acting on the response returned.
  12. For Auth. type, select the Protocol using the drop down list. Choices are PAP, CHAP, MS-CHAP, or MS-CHAP2.
  13. In the Password box, type the password that will be passed to RADIUS for wireless MAC authentication.

    To proofread your shared secret key, click Unmask. The password is displayed.

  14. Click OK.
  15. To save your changes, click Save.