Brocade Communications Systems Brocade ICX 6650 6650 Manuel D’Utilisation
Brocade ICX 6650 Security Configuration Guide
183
53-1002601-01
802.1X accounting configuration
•
The user MAC address
•
The authenticating physical port number
An Accounting Start packet is sent to the RADIUS server when a user is successfully authenticated.
The Start packet indicates the start of a new session and contains the user MAC address and
physical port number. The 802.1X session state will change to Authenticated and Permit after
receiving a response from the accounting server for the accounting Start packet. If the Accounting
service is not available, the 802.1X session status will change to Authenticated and Permit after a
RADIUS timeout. The device will retry authentication requests three times (the default), or the
number of times configured on the device.
The Start packet indicates the start of a new session and contains the user MAC address and
physical port number. The 802.1X session state will change to Authenticated and Permit after
receiving a response from the accounting server for the accounting Start packet. If the Accounting
service is not available, the 802.1X session status will change to Authenticated and Permit after a
RADIUS timeout. The device will retry authentication requests three times (the default), or the
number of times configured on the device.
An Accounting Stop packet is sent to the RADIUS server when one of the following events occur:
•
The user logs off
•
The port goes down
•
The port is disabled
•
The user fails to re-authenticate after a RADIUS timeout
•
The 802.1X port control-auto configuration changes
•
The MAC session clears (through use of the clear dot1x mac-session CLI command)
The Accounting Stop packet indicates the end of the session and the time the user logged out.
802.1X accounting attributes for RADIUS
Brocade devices support the following RADIUS attributes for 802.1X accounting.
Enabling 802.1X accounting
To enable 802.1X accounting, enter the following command.
Brocade(config)# aaa accounting dot1x default start-stop radius none
Syntax: aaa accounting dot1x default start-stop radius | none
radius – Use the list of all RADIUS servers that support 802.1X for authentication.
TABLE 31
802.1X accounting attributes for RADIUS
Attribute name
Attribute ID
Data Type
Description
Acct-Session-ID
44
Integer
The account session ID, which is a number from 1 to
4294967295.
4294967295.
Acct-Status-Type
40
integer
Indicates whether the accounting request marks the
beginning (start) or end (stop) of the user service.
1 – Start
2 – Stop
beginning (start) or end (stop) of the user service.
1 – Start
2 – Stop
Calling-Station-Id
31
string
The supplicant MAC address in ASCII format (upper case
only), with octet values separated by a dash (-). For
example 00-10-A4-23-19-C0
only), with octet values separated by a dash (-). For
example 00-10-A4-23-19-C0
NAS-Port
5
integer
The physical port number.
NAS-Port-Type
61
integer
The physical port type.
user-name
1
string
The user name.