DescriptionConfiguring RADIUS Accounting.
ScopeKB Article Type: controller
RELATED PRODUCTS: N/A
RELATED SOFTWARE VERSIONS: N/A
KEYWORDS: controller, Radius, accounting
SolutionIf we have a RADIUS accounting server in your network, we can configure
the controller to act as a RADIUS client which allows the controller to
send accounting records to the RADIUS accounting server. The controller
sends accounting records only for clients who enter the wireless
network as 802.1X authorized users. We can configure a RADIUS profile
for the primary RADIUS accounting server and another profile for a
secondary RADIUS accounting server, which serves as a backup should the
primary server be offline. The RADIUS accounting profile requires the IP
address, port number 1813, and secret key for the RADIUS server.
CONFIGURATION STEPS:
GUI Steps:
Configuring primary radius accounting server profile.
Configuration>Security>Radius>ADD
Profile Name: Name
Radius IP: x.x.x.x
Radius Secret : Key
Radius Port: 1813
Similarly configure 2nd security profile to use as back up accounting server if primary fails.
Now map both radius profiles to ESS.
Configuration>Wireless>ESS
Primary RADIUS Accounting Server: profile1
Secondary RADIUS Accounting Server: profile2
Accounting Interim Interval (seconds): 600
CLI:
The RADIUS accounting profile requires the IP address, port number 1813, and secret key for the RADIUS server.
default# configure terminal
default(config)# radius-profile name
default(config-radius)# ip-address x.x.x.x
default(config-radius)# key key
default(config-radius)# port 1813
default(config-radius)# exit
For
additional reliability, configure a secondary RADIUS accounting server
profile to serve as a backup should the primary server become
unavailable.
controller(config-essid)# accounting primary-radius main-acct
controller(config-essid)# accounting secondary-radius backup-acct
controller(config-essid)# accounting interim-interval 600
controller(config-essid)# exit
