April 24th, 2018 05:00

Possible RADIUS accounting bug

Hi,

I think I may have found a bug: one of my N2000 switches has accounting enabled for dot1x authentication, and configured to send start & stop messages, but I only ever see start messages in the RADIUS server logs, never any stop messages.

Can anyone confirm/replicate this?

Here are the relevant lines from the switch configuration:

aaa accounting dot1x default start-stop radius
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
radius server attribute 8 include-in-access-req
radius server auth 192.168.0.1
    primary
    name "RADIUS server"
    key 7 "omitted"
exit
radius server acct 192.168.0.1
    name "RADIUS server"
    key 7 "omitted"
exit

Thanks in advance,

Jacob

May 8th, 2018 17:00

So it turned out that to get the switch to send Accounting stop messages, one has to configure the interface in dot1x MAC-based mode and configure the switchport to general mode (to allow dynamic VLAN assignment).

.
.
.
interface gi1/0/n
    dot1x port-control mac-based
    switchport mode general
exit
.
.
.

Thanks Daniel for your help. I hope this helps someone!

Jacob
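
A way to check the symptom from the server side, as an added example that is not part of the original thread: it assumes the RADIUS server writes FreeRADIUS-style "detail" accounting records (the thread does not name the server software), and the sample records and NAS addresses below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed FreeRADIUS "detail" layout (not from the thread).
SAMPLE_DETAIL = """\
Tue Apr 24 05:00:01 2018
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000001A"
\tNAS-IP-Address = 192.168.0.2
\tUser-Name = "alice"

Tue Apr 24 05:10:09 2018
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0000001A"
\tNAS-IP-Address = 192.168.0.2
\tUser-Name = "alice"

Tue Apr 24 05:12:30 2018
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000001B"
\tNAS-IP-Address = 192.168.0.3
\tUser-Name = "bob"
"""

# Indented "Name = value" line; surrounding double quotes are dropped.
ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')

def parse_records(text):
    """Yield one attribute dict per blank-line-separated accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = ATTR.match(line)  # the unindented timestamp line does not match
            if m:
                rec[m.group(1)] = m.group(2)
        if rec:
            yield rec

def sessions_missing_stop(text):
    """Return sorted (NAS-IP-Address, Acct-Session-Id) pairs with a Start but no Stop."""
    seen = defaultdict(set)
    for rec in parse_records(text):
        key = (rec.get("NAS-IP-Address"), rec.get("Acct-Session-Id"))
        seen[key].add(rec.get("Acct-Status-Type"))
    return sorted(k for k, t in seen.items() if "Start" in t and "Stop" not in t)

def nas_never_sending_stop(text):
    """Return NAS addresses that sent Start records but never a single Stop."""
    seen = defaultdict(set)
    for rec in parse_records(text):
        seen[rec.get("NAS-IP-Address")].add(rec.get("Acct-Status-Type"))
    return sorted(n for n, t in seen.items() if "Start" in t and "Stop" not in t)
```

A session that is still connected also has no Stop yet, so the per-NAS result over a long enough window is the stronger indicator of a switch that never sends Stop.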

 
