Alcatel-Lucent 6850-48 网络指南
Configuring 802.1X
802.1X Overview
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 37-7
802.1X Accounting
802.1X authentication sessions may be logged if servers are set up for 802.1X accounting. Accounting
may also be done through the local Switch Logging feature.
may also be done through the local Switch Logging feature.
The 802.1x accounting process also sends an Interim-Update accounting record to a RADIUS accounting
server whenever an authenticated 802.1x client receives an IP address. This record includes the “Frame-
IPAddress” attribute, which contains the IP address of the 802.1x client for the server to log.
server whenever an authenticated 802.1x client receives an IP address. This record includes the “Frame-
IPAddress” attribute, which contains the IP address of the 802.1x client for the server to log.
The Interim-Update record also includes the following attributes, which are the same as those found in the
Start accounting record:
Start accounting record:
• User Name
• NAS-IP-Address
• NAS-Port
• Acct-Session
• Acct-Authentic (to be 1 -radius- for 802.1x users)
• Acct-Terminal-Cause (currently not supported)
• Alcatel-Lucent-Auth-Group (VlanId)
• Alcatel-Lucent-Slot-Port
• Alcatel-Lucent-Client-IP-Addr
• Alcatel-Lucent-Group-Desc (vlan name)
No configuration is required to enable the sending of the Interim-Update record. This record is automati-
cally generated whenever an 802.1x client receives a new IP address. For example, when an 802.1x client
first authenticates and requests an IP address or if an existing 802.1x client performs a release and renew
operation to obtain a new IP address.
cally generated whenever an 802.1x client receives a new IP address. For example, when an 802.1x client
first authenticates and requests an IP address or if an existing 802.1x client performs a release and renew
operation to obtain a new IP address.
Note that this feature is only operational when the following configuration requirements are met:
• The 802.1x client must use DHCP to obtain an IP address. Whenever the client automatically or manu-
ally requests and receives an IP address, the Interim-Update accounting record is generated.
• The switch must have DHCP Snooping globally enabled, or the VLAN to which the 802.1x client is
classified must have DHCP Snooping enabled.
• The accounting server configured is a RADIUS server. This feature is not supported with any other
type of authentication server at this time.
In addition to the Interim-Update record, the Stop record also contains the new “Frame-IP-Address”
attribute. The Stop record is sent when an 802.1x client logs off.
attribute. The Stop record is sent when an 802.1x client logs off.
For information about setting up accounting for 802.1X, see
.