cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Interim-Update account status type in Radius accounting report

sot01
Beginner
Beginner

Currently we noticed that our MAB device account status type in Radius accounting report display only Interim-Update status.

So, what is the cause of this message? Is there any issue in the future? 

1 ACCEPTED SOLUTION

Accepted Solutions

Arne Bier
VIP Advisor VIP Advisor
VIP Advisor

Hello @sot01 

 

This could be quite normal for wired networks where the devices are always plugged in to the NAC enabled switch, and the switch as a command that sends interim updates at regular intervals - the recommended Cisco Switch config below would send an update every 2880 minutes (48 hours)

 

aaa accounting update newinfo periodic 2880

If a device is connected to a NAC switch, then the switch should send a RADIUS Accounting-Start to ISE

If a device is disconnected from a NAC switch, then the switch should send a RADIUS Accounting-Stop to ISE

 

aaa accounting identity default start-stop group ISE-GROUP-NAME

 

 

View solution in original post

2 REPLIES 2

Arne Bier
VIP Advisor VIP Advisor
VIP Advisor

Hello @sot01 

 

This could be quite normal for wired networks where the devices are always plugged in to the NAC enabled switch, and the switch as a command that sends interim updates at regular intervals - the recommended Cisco Switch config below would send an update every 2880 minutes (48 hours)

 

aaa accounting update newinfo periodic 2880

If a device is connected to a NAC switch, then the switch should send a RADIUS Accounting-Start to ISE

If a device is disconnected from a NAC switch, then the switch should send a RADIUS Accounting-Stop to ISE

 

aaa accounting identity default start-stop group ISE-GROUP-NAME

 

 

thomas
Cisco Employee
Cisco Employee

See ISE Secure Wired Access Prescriptive Deployment Guide for recommended AAA/RADIUS Accounting server settings.

 

aaa new-model
aaa session-id common
!
radius server ISE01
 address ipv4 172.20.254.21 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!
radius server ISE02
 address ipv4 172.20.254.22 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!
username test-user password 0 test-password
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server dead-criteria time 10 tries 3
radius-server deadtime 15
!
aaa group server radius ISE
 server name ISE01
 server name ISE02
 ip radius source-interface Vlan254
!
aaa authentication dot1x default group ISE
aaa authorization network default group ISE 
aaa accounting update newinfo periodic 2880
aaa accounting dot1x default start-stop group ISE
!
aaa server radius dynamic-author
 client 172.20.254.21 server-key ISEisC00L
 client 172.20.254.22 server-key ISEisC00L

 

See How to Ask The Community for Help for providing suffiicient details to the community experts to help you narrow down and reproduce the problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: