What is the significnace of Radius Accounting Immediate Stop on 6.4.

Aruba Employee

Environment- No special environment required for this feature to work.

Answer- 1.    Radius accounting stop is sent immediately after user disassoc without waiting for idle-timeout.
2.    This feature is  only supported for wireless users in tunnel and d-tunnel forward modes.
3.    Configuring user-idle-timeout as 0 in aaa profile will  immediately trigger radius accounting stop upon client disassoc.


Here is the Command to configure user-idle-timeout as “0” in aaa profile.
(Testlab) (config) #aaa profile default
(Testlab) (AAA Profile "default") #user-idle-timeout ?
<seconds>              User idle timeout in seconds. Value of 0 deletes the user immediately on disassoc/disconnect. 
Valid range is 30-15300 seconds in multiples of 30 seconds
(Testlab) (AAA Profile "default") #user-idle-timeout


(Testlab) (config) #show aaa profile default
AAA Profile “default"
----------------------
Parameter                           Value
---------                           -----
Initial role                        logon
MAC Authentication Profile          N/A
MAC Authentication Default Role     mac-role
MAC Authentication Server Group     testlab-grp
802.1X Authentication Profile       test-dot1x
802.1X Authentication Default Role  authenticated
802.1X Authentication Server Group  testlab
Download Role from CPPM             Disabled
L2 Authentication Fail Through      Disabled
Multiple Server Accounting          Disabled
User idle timeout                   0 sec     
RADIUS Accounting Server Group      rad-acct-grp
RADIUS Interim Accounting           Enabled
XML API server                      10.15.100.245
RFC 3576 server                     10.15.100.245
User derivation rules               N/A
Wired to Wireless Roaming           Enabled
SIP authentication role             N/A
Device Type Classification          Enabled
Enforce DHCP                        Disabled
PAN Firewall Integration            Disabled
(Testlab) (config) #


Jan 27 04:44:17  station-up             *  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    -    wpa2 aes
Jan 27 04:44:17  eap-id-req            <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               1    5
Jan 27 04:44:17  eap-id-resp           ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               1    11   smoke1
Jan 27 04:44:17  rad-req               ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               200  199
Jan 27 04:44:17  rad-resp              <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1/Testlab-radius  200  90
Jan 27 04:44:17  eap-req               <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               2    6
Jan 27 04:44:17  eap-nak               ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               2    6
Jan 27 04:44:17  rad-req               ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1/Testlab-radius  201  232
Jan 27 04:44:17  rad-resp              <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1/Testlab-radius  201  90
Jan 27 04:44:17  eap-req               <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               7    107
Jan 27 04:44:17  eap-resp              ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               7    43
Jan 27 04:44:17  rad-req               ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1/Testlab-radius  204  269
Jan 27 04:44:17  rad-accept            <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1/Testlab-radius  204  238
Jan 27 04:44:17  eap-success           <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               7    4
Jan 27 04:44:17  wpa2-key1             <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    117
Jan 27 04:44:17  wpa2-key2             ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    135
Jan 27 04:44:17  wpa2-key3             <-  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    151
Jan 27 04:44:17  wpa2-key4             ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    95
Jan 27 04:44:21  rad-acct-start        ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    -
Jan 27 04:44:41  eap-logoff            ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    -
Jan 27 04:44:41  rad-acct-stop         ->  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    -
Jan 27 04:44:41  station-down           *  00:26:c6:44:86:08  d8:c7:c8:8b:5e:f1               -    -

To enable user debug logs--logging level debugging user
Show log user all – Will display the below information



Jan 27 04:44:22 :522038:  <INFO> |authmgr|  username=smoke1 MAC=00:26:c6:44:86:08 IP=172.2.2.2 Authentication result=Authentication Successful method=radius-accounting server=Testlab-radius
Jan 27 04:44:41 :522296:  <DBUG> |authmgr|  Auth GSM : USER_STA delete event for user 00:26:c6:44:86:08 age 0 deauth_reason 1
Jan 27 04:44:41 :522036:  <INFO> |authmgr|  MAC=00:26:c6:44:86:08 Station DN: BSSID=d8:c7:c8:8b:5e:f1 ESSID=test-ssid-wpa2-50 VLAN=276 AP-name=AP134-b5ee
Jan 27 04:44:41 :522261:  <DBUG> |authmgr|  "User MAC:00:26:c6:44:86:08: purge IP:172.2.2.2.
Jan 27 04:44:41 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 18 mac 00:26:c6:44:86:08 name smoke1 role authenticated devtype Win XP wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 27 04:44:41 :522005:  <INFO> |authmgr|  MAC=00:26:c6:44:86:08 IP=172.2.2.2 User entry deleted: reason=user request
Jan 27 04:44:41 :522004:  <DBUG> |authmgr|  MAC=00:26:c6:44:86:08 Reset station role to authenticated (158) (ingress=65546)
Jan 27 04:44:41 :522050:  <INFO> |authmgr|  MAC=00:26:c6:44:86:08,IP=N/A User data downloaded to datapath, new Role=authenticated/158, bw Contract=0/0, reason=Station resetting role, idle-timeout=0
Jan 27 04:44:41 :522262:  <DBUG> |authmgr|  "User MAC:00:26:c6:44:86:08: Total users purged = 1.
Jan 27 04:44:41 :522244:  <DBUG> |authmgr|  MAC=00:26:c6:44:86:08 Station Deleted Update MMS
Jan 27 04:44:41 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 18 mac 00:26:c6:44:86:08 name smoke1 role authenticated devtype Win XP wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 27 04:44:41 :522004:  <DBUG> |authmgr|  00:26:c6:44:86:08: station datapath entry deleted
Jan 27 04:44:41 :522290:  <DBUG> |authmgr|  Auth GSM : MAC_USER delete for mac 00:26:c6:44:86:08
Jan 27 04:44:41 :522303:  <DBUG> |authmgr|  Auth GSM : USER delete for mac 00:26:c6:44:86:08 uuid 18
Jan 27 04:44:41 :522265:  <DBUG> |authmgr|  "MAC:00:26:c6:44:86:08: Deallocating UUID: 18.
Jan 27 04:44:41 :522038:  <INFO> |authmgr|  username=smoke1 MAC=00:26:c6:44:86:08 IP=172.2.2.2 Authentication result=Authentication Successful method=radius-accounting server=Testlab-radius

 

rtaImage (6).jpg

 

 

Notes- 

The idle timeout of 0 should not be configured in aaa profiles meant for wired users or remote users. It is applicable only for wireless users in tunnel/d-tunnel mode.

Version history
Revision #:
1 of 1
Last update:
‎04-03-2015 12:34 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.