Configuring RADIUS Accounting.
KB Article Type: controller
RELATED PRODUCTS: N/A
RELATED SOFTWARE VERSIONS: N/A
KEYWORDS: controller, Radius, accounting
If we have a RADIUS accounting server in your network, we can configure the controller to act as a RADIUS client which allows the controller to send accounting records to the RADIUS accounting server. The controller sends accounting records only for clients who enter the wireless network as 802.1X authorized users. We can configure a RADIUS profile for the primary RADIUS accounting server and another profile for a secondary RADIUS accounting server, which serves as a backup should the primary server be offline. The RADIUS accounting profile requires the IP address, port number 1813, and secret key for the RADIUS server.
CONFIGURATION STEPS:
GUI Steps:
Configuring primary radius accounting server profile.
Configuration>Security>Radius>ADD
Profile Name: Name
Radius IP: x.x.x.x
Radius Secret : Key
Radius Port: 1813
Similarly configure 2nd security profile to use as back up accounting server if primary fails.
Now map both radius profiles to ESS.
Configuration>Wireless>ESS
Primary RADIUS Accounting Server: profile1
Secondary RADIUS Accounting Server: profile2
Accounting Interim Interval (seconds): 600
CLI:
The RADIUS accounting profile requires the IP address, port number 1813, and secret key for the RADIUS server.
default# configure terminal
default(config)# radius-profile name
default(config-radius)# ip-address x.x.x.x
default(config-radius)# key key
default(config-radius)# port 1813
default(config-radius)# exit
For additional reliability, configure a secondary RADIUS accounting server profile to serve as a backup should the primary server become unavailable.
controller(config-essid)# accounting primary-radius main-acct
controller(config-essid)# accounting secondary-radius backup-acct
controller(config-essid)# accounting interim-interval 600
controller(config-essid)# exit
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.