Possible RADIUS accounting bug
JacobDegeling
May 8th, 2018 17:00
So it turned out that to get the switch to send Accounting stop messages, one has to configure the interface in dot1x MAC-based mode and configure the switchport to general mode (to allow dynamic VLAN assignment).
.
.
.
interface gi1/0/n
dot1x port-control mac-based
switchport mode general
exit
.
.
.
Thanks Daniel for your help. I hope this helps someone!
Jacob
JacobDegeling
April 24th, 2018 05:00
Hi,
I think I may have found a bug: one of my N2000 switches has accounting enabled for dot1x authentication, and configured to send start & stop messages, but I only ever see start messages in the RADIUS server logs, never any stop messages.
Can anyone confirm/replicate this?
Here are the relevant lines from the switch configuration:
aaa accounting dot1x default start-stop radius
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
radius server attribute 8 include-in-access-req
radius server auth 192.168.0.1
primary
name "RADIUS server"
key 7 "omitted"
exit
radius server acct 192.168.0.1
name "RADIUS server"
key 7 "omitted"
exit
Thanks in advance,
Jacob
Anonymous
April 24th, 2018 10:00
Are there any pertinent messages recorded in the switch logs? #show logging. Have you done any packet capture to confirm the traffic is not taking place?
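One way to run the packet-capture check suggested above, as an added example that is not part of the original thread: it parses RADIUS Accounting-Request payloads in the RFC 2866 layout and lists the sessions that sent a Start but never a Stop. It assumes the UDP payloads have already been extracted from a capture of the accounting traffic; the function names and the sample packets are constructed for illustration.

```python
import struct

ACCOUNTING_REQUEST = 4                      # RFC 2866 packet code
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44  # RFC 2866 attribute types
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_accounting(payload):
    """Return (status, session_id) for an Accounting-Request, else None."""
    if len(payload) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(payload):
        return None                          # other packet type, or truncated
    attrs, pos = {}, 20                      # attributes follow the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:  # malformed TLV: reject the packet
            return None
        attrs[atype] = payload[pos + 2:pos + alen]
        pos += alen
    raw = attrs.get(ACCT_STATUS_TYPE)
    if raw is None or len(raw) != 4 or ACCT_SESSION_ID not in attrs:
        return None
    value = struct.unpack("!I", raw)[0]
    return STATUS.get(value, str(value)), attrs[ACCT_SESSION_ID].decode("ascii", "replace")

def sessions_without_stop(payloads):
    """Session ids that sent Start but never Stop, in first-seen order."""
    open_sessions = {}
    for status, session_id in filter(None, map(parse_accounting, payloads)):
        if status == "Start":
            open_sessions[session_id] = True
        elif status == "Stop":
            open_sessions.pop(session_id, None)
    return list(open_sessions)

def build_request(status, session_id, ident=1):
    """Constructed test packet; the authenticator is zeroed, not a valid MD5."""
    sid = session_id.encode()
    attrs = struct.pack("!BBI", ACCT_STATUS_TYPE, 6, status)
    attrs += bytes([ACCT_SESSION_ID, 2 + len(sid)]) + sid
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs)) + bytes(16) + attrs

# Constructed capture: session "0001" closes cleanly, "0002" never sends Stop.
SAMPLE = [build_request(1, "0001"), build_request(1, "0002"), build_request(2, "0001")]
print(sessions_without_stop(SAMPLE))
```

Sessions that were still connected when the capture ended also appear in the result, so compare it against the ports that actually went down during the capture window.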
Anonymous
June 21st, 2018 08:00
Just got word that the next firmware release, 6.5.1.6, should include some improvements on when the switch sends accounting stop messages. I do not have any ETA on this firmware, but here is a KB article on how to configure notifications for updates. https://dell.to/2ty9O9t