Cisco Cisco Clean Access 3.5
6-26
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6 User Management: Auth Servers
RADIUS Accounting
RADIUS Accounting
The Clean Access Manager can be configured to send accounting messages to a RADIUS accounting
server. The CAM sends a Start accounting message when a user logs into the network and sends a Stop
accounting message when the user logs out of the system (or is logged out or timed out). This allows for
the accounting of user time and other attributes on the network.
server. The CAM sends a Start accounting message when a user logs into the network and sends a Stop
accounting message when the user logs out of the system (or is logged out or timed out). This allows for
the accounting of user time and other attributes on the network.
Release 3.5 adds additional control over the data that is sent in accounting packets. You can customize
the data to be sent for login events, logout events, or shared events (login and logout events).
the data to be sent for login events, logout events, or shared events (login and logout events).
Enable RADIUS Accounting
1.
Go to User Management > Auth Servers > Accounting > Server Config
Figure 6-23
RADIUS Accounting Server Config Page
2.
Select Enable RADIUS Accounting to enable the Clean Access Manager to send accounting
information to the named RADIUS accounting server.
information to the named RADIUS accounting server.
3.
Enter values for the following form fields:
–
Server Name – The fully qualified host name (e.g. auth.cisco.com) or IP address of the
RADIUS accounting server.
RADIUS accounting server.
–
Server Port – The port number on which the RADIUS server is listening. The Server Name and
Server Port are used to direct accounting traffic to the accounting server.
Server Port are used to direct accounting traffic to the accounting server.
–
Timeout(sec) – Specifies how long to attempt to retransmit a failed packet.
–
Shared Secret—The shared secret used to authenticate the Clean Access Manager accounting
client with the specified RADIUS accounting server.
client with the specified RADIUS accounting server.
–
NAS-Identifier – The NAS-Identifier value to be sent with all RADIUS accounting packets.
Either a NAS-Identifier or a NAS-IP-Address must be specified to send the packets.
Either a NAS-Identifier or a NAS-IP-Address must be specified to send the packets.
–
NAS-IP-Address – The NAS-IP-Address value to be sent with all RADIUS accounting packets.
Either a NAS-IP-Address or a NAS-Identifier must be specified to sent the packets.
Either a NAS-IP-Address or a NAS-Identifier must be specified to sent the packets.