
Radius accounting packets.

mauclair
Level 1

I have a Catalyst 2960X switch that has Radius server configuration and aaa accounting dot1x default start-stop.

On the switch there are multiple interfaces configured for dot1x, but some have no dot1x configured.

Is it normal behavior that the switch will send update packets to the radius server for an interface not having any dot1x configured on it?

 

aaa new-model

aaa group server radius TestLab

aaa accounting dot1x default start-stop group TestLab

aaa accounting update periodic 5

aaa session-id common

 

radius-server attribute 44 extend-with-addr

radius-server attribute 11 default direction in

radius-server dead-criteria time 5 tries 2

radius-server retransmit 2

radius-server deadtime 5

radius-server unique-ident 11

radius-server vsa send accounting

radius-server vsa send authentication

 

Interface configuration:

interface GigabitEthernet1/0/2

 description *** Test port for Radius Accounting ***

 switchport access vlan 42

 switchport mode access

 switchport voice vlan 250

 ip arp inspection trust

 mls qos trust dscp

 spanning-tree portfast

 spanning-tree bpduguard enable

 ip dhcp snooping trust

end

 

 

Debug radius accounting output:

Mar  4 15:03:18.720: RADIUS(000000AA): Send Accounting-Request to 172.17.38.69:1646 id 1646/101, len 259

Mar  4 15:03:18.720: RADIUS:  authenticator BC B6 14 0D DE B8 E1 87 - 49 57 9F 68 35 62 AC A8

Mar  4 15:03:18.720: RADIUS:  Acct-Session-Id     [44]  26  "AC1205640B000000000000A0"

Mar  4 15:03:18.720: RADIUS:  Vendor, Cisco       [26]  49

Mar  4 15:03:18.720: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=AC1205640000009E00223102"

Mar  4 15:03:18.720: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-E2-2B-12-55"

Mar  4 15:03:18.720: RADIUS:  Vendor, Cisco       [26]  32

Mar  4 15:03:18.720: RADIUS:   Cisco AVpair       [1]   26  "connect-progress=Call Up"

Mar  4 15:03:18.720: RADIUS:  Acct-Session-Time   [46]  6   317

Mar  4 15:03:18.720: RADIUS:  Acct-Input-Octets   [42]  6   17508

Mar  4 15:03:18.720: RADIUS:  Acct-Output-Octets  [43]  6   438120

Mar  4 15:03:18.720: RADIUS:  Acct-Input-Packets  [47]  6   181

Mar  4 15:03:18.720: RADIUS:  Acct-Output-Packets [48]  6   1354

Mar  4 15:03:18.720: RADIUS:  Acct-Authentic      [45]  6   Local                     [2]

Mar  4 15:03:18.720: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]

Mar  4 15:03:18.720: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

Mar  4 15:03:18.720: RADIUS:  NAS-Port            [5]   6   50102

Mar  4 15:03:18.720: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/2"

Mar  4 15:03:18.720: RADIUS:  Called-Station-Id   [30]  19  "64-D8-14-C0-76-02"

Mar  4 15:03:18.720: RADIUS:  Service-Type        [6]   6   Framed                    [2]

Mar  4 15:03:18.720: RADIUS:  NAS-IP-Address      [4]   6   172.18.5.100

Mar  4 15:03:18.725: RADIUS:  Acct-Delay-Time     [41]  6   0
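
An added example, not part of the original post: a small parser for this debug format that groups attribute lines by Accounting-Request and lists requests sent for ports outside an expected dot1x port set. The first sample request uses lines from the debug output above; the second request, the port GigabitEthernet1/0/5 and the dot1x port set are constructed assumptions.

```python
import re

HEADER = re.compile(r"RADIUS\(\w+\): Send Accounting-Request to (\S+) id")
ATTR = re.compile(r"RADIUS:\s+(.+?)\s+\[\d+\]\s+\d+\s*(.*)$")
ENUM = re.compile(r"\s+\[\d+\]$")  # trailing numeric code, e.g. "Watchdog   [3]"

# First request: lines taken from the debug output in the post.
# Second request: constructed, for a port assumed to run dot1x.
SAMPLE = """\
Mar  4 15:03:18.720: RADIUS(000000AA): Send Accounting-Request to 172.17.38.69:1646 id 1646/101, len 259
Mar  4 15:03:18.720: RADIUS:  Vendor, Cisco       [26]  49
Mar  4 15:03:18.720: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=AC1205640000009E00223102"
Mar  4 15:03:18.720: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-E2-2B-12-55"
Mar  4 15:03:18.720: RADIUS:  Acct-Authentic      [45]  6   Local                     [2]
Mar  4 15:03:18.720: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
Mar  4 15:03:18.720: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/2"
Mar  4 15:08:18.731: RADIUS(000000AB): Send Accounting-Request to 172.17.38.69:1646 id 1646/102, len 259
Mar  4 15:08:18.731: RADIUS:  Calling-Station-Id  [31]  19  "00-00-5E-00-53-01"
Mar  4 15:08:18.731: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
Mar  4 15:08:18.731: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
Mar  4 15:08:18.731: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/5"
"""

def parse_requests(text):
    """Group attribute lines under the Accounting-Request header that precedes them."""
    requests = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            requests.append({"server": m.group(1)})
        elif requests and (m := ATTR.search(line)):
            name = m.group(1)
            value = ENUM.sub("", m.group(2).strip()).strip('"')
            if name == "Cisco AVpair" and "=" in value:
                name, value = value.split("=", 1)  # flatten the VSA pair
            requests[-1][name] = value
    return requests

def accounting_on_non_dot1x_ports(requests, dot1x_ports):
    """Return requests whose NAS-Port-Id is not in the expected dot1x port set."""
    return [r for r in requests if r.get("NAS-Port-Id") not in dot1x_ports]

if __name__ == "__main__":
    # Assumption: only Gi1/0/5 is configured for dot1x on this switch.
    for r in accounting_on_non_dot1x_ports(parse_requests(SAMPLE), {"GigabitEthernet1/0/5"}):
        print(r["NAS-Port-Id"], r["Acct-Status-Type"], r["Acct-Authentic"], r["Calling-Station-Id"])
```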

 

 

 

 

 

4 Replies

Do show auth session g1/0/2 and check: is the account-id the same as the one that appears in the debug?

No auth done through Radius.

 

As a side note, the packets seem to be generated every 5 minutes (following the aaa accounting update periodic 5).

aaa accounting dot1x default start-stop group TestLab <- change the default to a list name

Try it this way, since the default sends accounting logs for all interfaces. As for periodic 5, there are three:

start
stop
interim <- the periodic time is needed here