Roaming-triggered Interim Radius Accounting message

MVP Expert
Requirement:

The controller should trigger an "Interim RADIUS Accounting" message when the client roams from one AP to another AP.

 



Solution:

This feature requires AOS to notify the RADIUS server(s) about roaming events on wireless clients by using the RADIUS Accounting protocol (RFC 2866). It allows customers to track the current location of clients by examining their RADIUS accounting servers.

The AOS Roaming RADIUS Accounting Service creates an accounting session for each wireless client. The session begins with a RADIUS Start Accounting record, continues with zero or more RADIUS Interim-Update Accounting records, and ends with a RADIUS Stop Accounting record. A RADIUS Interim-Update Accounting record is triggered whenever the wireless client roams to a different AP.

 



Configuration:

CLI:

 

(config) #aaa profile 643aaa 

(AAA Profile "643aaa") #radius-roam-accounting

 

#show aaa profile 643aaa 

AAA Profile "643aaa"
--------------------
Parameter                             Value
---------                             -----
RADIUS Accounting Server Group        cppm
RADIUS Roaming Accounting             Enabled
RADIUS Interim Accounting             Enabled



Verification

Enable the following logging:

• logging level debugging security

• logging level debugging security process authmgr subcat aaa

 

Existing show commands such as "show auth-tracebuf" and "show log security" can be used to identify the roaming-triggered RADIUS Interim-Update packet.

 

#show user

 

Users

-----

IP            MAC                Name    Role           Age(d:h:m)  Auth    VPN link  AP name  Roaming   Essid/Bssid/Phy                   Profile  Forward mode
----------    ------------       ------  ----           ----------  ----    --------  -------  -------   ---------------                   -------  ------------
10.15.24.244  60:03:08:98:25:98  smoke1  authenticated  00:00:03    802.1x            ap205h   Wireless  testroam/6c:f3:7f:7f:96:10/a-VHT  testaaa  tunnel

 

(Aruba7210) #show auth-tracebuf count 10

 

Auth Trace Buffer

-----------------

 

Mar 14 03:29:31  rad-acct-start       ->  60:03:08:98:25:98  9c:1c:12:97:55:d0/win  -  -
Mar 14 03:29:47  ap-up                *                      6c:f3:7f:7f:96:10      -  -  wpa2 aes
Mar 14 03:29:54  station-down         *   60:03:08:98:25:98  9c:1c:12:97:55:d0      -  -
Mar 14 03:30:01  station-up           *   60:03:08:98:25:98  6c:f3:7f:7f:96:10      -  -  wpa2 aes
Mar 14 03:30:01  eap-id-req           <-  60:03:08:98:25:98  6c:f3:7f:7f:96:10      1  5
Mar 14 03:30:01  rad-acct-int-update  ->  60:03:08:98:25:98  6c:f3:7f:7f:96:10/win  -  -

 

(Aruba7205) #show log security 100 | include aaa

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2307] Sending radius request to win:10.15.24.102:1813 id:14,len:281

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  User-Name: smoke1

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  NAS-IP-Address: 10.15.24.14

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  NAS-Port-Id: 0

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  NAS-Port-Type: Wireless-IEEE802.11

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Session-Id: smoke1600308982598-58C7D41C-4FDE

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Event-Timestamp: 03/14/2017 11:30:02

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Multi-Session-Id: 600308982598-0000000001

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Framed-IP-Address: 10.15.24.244

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Calling-Station-Id: 600308982598

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Called-Station-Id: 000B86B73C07

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Class: Q\304\006Y

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Delay-Time: 0

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-Essid-Name: testroam

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-Location-Id: ap205h

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-AP-Group: default

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-User-Role: authenticated

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-User-Vlan: 24

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2321]  Aruba-Device-Type: (VSA with invaild length - Don't send it)

Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Status-Type: Interim-Update

Mar 14 03:30:02 :121031:  <4107> <DBUG> |authmgr| |aaa| [rc_request.c:79] Find Request: id=14, srv=10.15.24.102, fd=65

Mar 14 03:30:02 :121031:  <4107> <DBUG> |authmgr| |aaa| [rc_request.c:85]  Current entry: srv=10.15.24.102, fd=65

Mar 14 03:30:02 :121031:  <4107> <DBUG> |authmgr| |aaa| [rc_request.c:40] Del Request: id=14, srv=10.15.24.102, fd=65

Mar 14 03:30:02 :121031:  <4107> <DBUG> |authmgr| |aaa| [rc_api.c:1229] Authentication Successful
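
To turn the debug output above into a per-client location trail, the following added example (not part of the original article or of AOS) groups the attribute lines logged by rc_server.c under each "Sending radius request" line and reports an Interim-Update whose Aruba-Location-Id differs from the previous record for the same Calling-Station-Id. It assumes each request's attribute lines are logged contiguously; the function names, the Start record and the AP name "ap-lobby" are constructed for illustration.

```python
import re

# Constructed sample in the format of the "show log security" output above.
# The Start record and the AP name "ap-lobby" are invented for illustration.
SAMPLE_LOG = """\
Mar 14 03:29:31 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2307] Sending radius request to win:10.15.24.102:1813 id:13,len:275
Mar 14 03:29:31 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  User-Name: smoke1
Mar 14 03:29:31 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Calling-Station-Id: 600308982598
Mar 14 03:29:31 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-Location-Id: ap-lobby
Mar 14 03:29:31 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Status-Type: Start
Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2307] Sending radius request to win:10.15.24.102:1813 id:14,len:281
Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  User-Name: smoke1
Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Calling-Station-Id: 600308982598
Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Aruba-Location-Id: ap205h
Mar 14 03:30:02 :121031:  <5392> <DBUG> |authmgr| |aaa| [rc_server.c:2323]  Acct-Status-Type: Interim-Update
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*\|aaa\| \[rc_server\.c:\d+\]\s+(.*)$")
ATTR_RE = re.compile(r"^([A-Za-z][\w-]*): (.*)$")

def parse_requests(text):
    """Group attribute lines under the 'Sending radius request' line that precedes them."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an rc_server.c debug line (e.g. rc_request.c bookkeeping)
        ts, msg = m.groups()
        attr = ATTR_RE.match(msg)
        if msg.startswith("Sending radius request"):
            records.append({"time": ts})
        elif attr and records:
            records[-1][attr.group(1)] = attr.group(2)
    return records

def roam_events(records):
    """Return (time, station, old_ap, new_ap) for each Interim-Update that changes AP."""
    last_ap, events = {}, []
    for r in records:
        sta, ap = r.get("Calling-Station-Id"), r.get("Aruba-Location-Id")
        if not sta or not ap:
            continue
        if r.get("Acct-Status-Type") == "Interim-Update" and last_ap.get(sta, ap) != ap:
            events.append((r["time"], sta, last_ap[sta], ap))
        last_ap[sta] = ap  # an Interim-Update with an unchanged AP is not a roam
    return events

if __name__ == "__main__":
    print(roam_events(parse_requests(SAMPLE_LOG)))
```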

 

 

 

 

Version history: Revision 2 of 2. Last update: 03-21-2019 11:31 AM