Re: MAB accounting question

hassan4917 · ‎11-03-2022

Hi everyone,

I'm configuring MAB for some devices on Cisco 9300 switches (IOS-XE 17.03.04).

For authentication I am using microsoft NPS server.

The whole thing is working fine, but i want to ask if there's a way to tweak the periodic accounting updates for MAB requests? It is updating a log event every 60 seconds, which I guess must be the default?

I can see there is command "aaa accounting update periodic" but this seems to only apply to dot1x requests.

Any help would be appreciated as I want to keep the log files as small as possible.

balaji.bandi · ‎11-03-2022

i belive its same use - newinfo.

aaa accounting update newinfo periodic XXXX

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hassan4917 · ‎11-03-2022

@balaji.bandi that doesn't seem to have worked, log still occurring every 60 secs

Damien Miller · ‎11-04-2022

The command Balaji shared is the one we use for this. What are you using for the timer?

If the NPS server sending a session timer by chance? You could be able to see this in the show auth session on the cli. The other thought I have is that the endpoint or the port is restarting the dot1x process. You can also see this is you watch the show auth session. You would see the dot1x status change to running.

The "aaa accounting update newinfo periodic <seconds>" will send an accounting update regardless of any change in the number of seconds you configure it for. But the "newinfo" key word this command will also mean that the switch sends an accounting update on demand when it determines there is a change in the information for an endpoint, in this case it ignores the timer.

thomas · ‎11-04-2022

See ISE Secure Wired Access Prescriptive Deployment Guide for our authoritative IOS commands for 802.1X and MAB.