This article applies to Aruba Mobility Controllers running ArubaOS version 6.3.0.0 and higher
Pre ArubaOS 6.3.0.0, RADIUS accounting was supported only for Access Points with tunnel and split-tunnel forwarding modes. Starting from ArubaOS 6.3.0.0, Radius accounting is also supported for Bridge mode to send prior to user statistics in accounting start, stop and interim records.
|
NOTE: As of ArubaOS 6.3.0.0, Radius accounting is supported for Bridge mode RAPs or CPSec-APs only if "Remote-AP Operation" is set to "Standard". Not supported if Remote-AP Operation mode is Persistent, Always or Backup modes.
Radius accounting for split client is supported from 6.2 onwards
|
When Radius accounting is enabled in the AAA profile, Radius accounting start and stop records will be sent to the server. Accounting start record is sent when user authenticates. Stop record is sent when user logs out or is deleted from the system. Every 15 seconds, Campus AP sends cumulative messages (accounting statistics of every client clubbed in one update) to the controller. For RAP, the interval is 1 minute.
If interim accounting is enabled, controller sends updates to the Radius server at fixed intervals. Each interim update includes cumulative user statistics. By default, the interval is 10 minutes, but this can changed using the CLI command "aaa timers stats-timeout" in the config mode. Valid range is 300-600 seconds or 5-10 minutes.
NOTE:
- Radius accounting is supported only for wireless users
- When user disconnect from an AP, no interim update is sent from AP to controller.
- In case of RAP, user statistics are sent to controller every 1 minute, irrespective of whether the Interim Accounting is enabled or not.
In order to troubleshoot, radius accounting issues, below logging needs to be enabled:
logging level debugging security subcat aaa
logging level debugging security subcat dot1x