Wireless Access

Reply
New Contributor

ArubaOS8 RADIUS Accounting

Hey guys,

I'm having a real tough time trying to find documentation on how to get RADIUS accounting working for controller management.  We have 7205 controllers in HA mode and I was able to get RADIUS authentication working properly with our FreeRADIUS server but I cannot find any options to send accounting info (config changes is what I mostly want to capture).  There is a checkbox for TACACS accounting but nothing for RADIUS.  The only location I see for adding RADIUS accounting is under AAA profiles but I don't see an option to associate a AAA profile with management access.  Is syslog the only way to capture this if we're not using TACACS?

 

Please help!

Re: ArubaOS8 RADIUS Accounting

I am using CLearPass but in your case you need to define the FreeRADIUS RADIUS server group
2018-05-18 09_48_52-Configuration.png

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: ArubaOS8 RADIUS Accounting

Thanks for the reply Victor.

How do I associate a AAA profile with management access?  As far as I can tell the AAA profiles are only for SSID use.  The controllers are new so I have not setup any custom profiles yet but I added my RADIUS server group to every built in profile and I'm not getting any messages when I make a configuration change (for example I added a static route).  The screenshot below is where I would expect to see an option for RADIUS accounting.

Capture.PNG

Re: ArubaOS8 RADIUS Accounting

I think we are talking two different things.

Are you talking about the accounting for your wireless authentication or for TACACs ?

If it is for wireless authentication then you need to go under AAA profile

For TACACs the option is in the screenshot you provided
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: ArubaOS8 RADIUS Accounting

I'm not talking about wireless authentication, I'm talking about administrative authentication and accounting.

 

We are not using TACACS however, we are using FreeRADIUS to accomplish this.  If I try to check the box for "TACACS accounting" I receive an error that the server type is invalid (because it is a RADIUS server, not TACACS).  For instance, we just rolled out RADIUS authentication and accounting for our Juniper switches and our RADIUS server receives all accounting messages from the Juniper switches for every configuration change comitted.

 

The more I'm looking at this, I'm guessing there is no option for RADIUS accounting for administrative functions on ArubaOS, seems TACACS is the only option to capture this (or syslog).

 

Thanks for your help!

Re: ArubaOS8 RADIUS Accounting

My bad , misread your requirements.

Doesn’t look like it is possible for RADIUS

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: