04-18-2011 09:30 AM
Hello all,
I have configured my SF 302-08P switch to perform 802.1X & MAC authentication. This works fine in both cases but I cannot get the switch to send accounting requests to my RADIUS server. Even when the server sends back an Acct-Interim-Interval attribute in the Access-Accept message, the switch doesn't generate accounting requests. Is it a known restriction or am I missing something?
I'm a little bit surprised since the datasheet claims that both RADIUS authentication and accounting are supported for 802.1X. The switch version is 1.0.0.27.
Regards,
Simon
04-18-2011 12:06 PM
Hi Simon,
The datasheet does say;
The switch isn't the supplicant, so the 300 series should provide radius authentication and Accounting.
Dare I ask, would it be possible to see a Wireshark capture of the supplicant requesting authentication and possibly a request for RADIUS accounting after the supplicant has disconnected? Hopefully the capture won't be too big. Something sounds a bit fishy.
Or if you wish, just open a case with the Small Business Support Center.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards Dave
04-19-2011 12:59 AM
Hi Dave,
I've attached 2 PCAP files: one is captured from the supplicant and the other one from the RADIUS server.
I'm not sure about what you mean with "a request for radius accounting after the supplicant has disconnected". From my understanding, the switch should send an initial Acct-Start request immediately after the RADIUS server has authenticated the supplicant. At least this is what I get with other switches...
Thanks for the help.
04-20-2011 05:53 AM
Hi Simon,
Yep, according to RFC 2866 it states:
"When a client is configured to use RADIUS Accounting, at the start of
service delivery it will generate an Accounting Start packet
describing the type of service being delivered and the user it is
being delivered to, and will send that to the RADIUS Accounting
server, which will send back an acknowledgement that the packet has
been received. At the end of service delivery the client will
generate an Accounting Stop packet describing the type of service
that was delivered and optionally statistics such as elapsed time,
input and output octets, or input and output packets. It will send
that to the RADIUS Accounting server, which will send back an
acknowledgement that the packet has been received."
The delay in my response was trying to simulate the scenario, but I don't have all the pieces here.
Have a chat with the boys/gals at SBSC to get some clarification. http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards Dave
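One way to check a server-side capture for the behaviour discussed above, as an added example that is not part of either poster's messages: it parses RADIUS packets using the RFC 2865/2866 layout and lists users who received an Access-Accept but never produced an Accounting-Request with Acct-Status-Type Start. It assumes the UDP payloads have already been extracted from the capture, and it matches an Accept to its Request by identifier only (a real check would also key on the NAS address and port); the sample packets and user names are constructed.

```python
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCT_REQUEST = 1, 2, 4      # RFC 2865/2866 packet codes
USER_NAME, ACCT_STATUS_TYPE, ACCT_INTERIM_INTERVAL = 1, 40, 85  # attribute types
ACCT_START = (1).to_bytes(4, "big")                        # Acct-Status-Type value "Start"

def parse_radius(data):
    """Parse one RADIUS packet into (code, identifier, {attr_type: value})."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = data[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[data[pos]] = data[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def missing_acct_start(packets):
    """Return users that got an Access-Accept but no Accounting-Request Start."""
    pending, accepted, started = {}, [], set()
    for raw in packets:
        code, ident, attrs = parse_radius(raw)
        user = attrs.get(USER_NAME, b"").decode(errors="replace")
        if code == ACCESS_REQUEST:
            pending[ident] = user      # the Accept echoes this identifier
        elif code == ACCESS_ACCEPT and ident in pending:
            accepted.append(pending.pop(ident))
        elif code == ACCT_REQUEST and attrs.get(ACCT_STATUS_TYPE) == ACCT_START:
            started.add(user)
    return [u for u in accepted if u not in started]

def build(code, ident, attrs):
    """Build a constructed sample packet (authenticator zeroed, never verified)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample: "alice" is accounted for, "simon" is accepted with no Start.
SAMPLE = [
    build(ACCESS_REQUEST, 1, [(USER_NAME, b"alice")]),
    build(ACCESS_ACCEPT, 1, []),
    build(ACCT_REQUEST, 7, [(USER_NAME, b"alice"), (ACCT_STATUS_TYPE, ACCT_START)]),
    build(ACCESS_REQUEST, 2, [(USER_NAME, b"simon")]),
    build(ACCESS_ACCEPT, 2, [(ACCT_INTERIM_INTERVAL, (600).to_bytes(4, "big"))]),
]
print(missing_acct_start(SAMPLE))
```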
04-20-2011 07:36 AM
Thanks for your help Dave. I'll try with the support line.
Simon