Requirement:Piror to 4.2 IAP doesn’t support accounting for wired client.
Solution:Wired Accounting support Radius accounting for wired client that are connected to IAP. With this feature enabled, IAP will send Radius accounting packet to accounting server after client pass Radius authentication. The behavior of wired accounting is same with wireless accounting.
Configuration:CLI – configuration:
00:0b:86:a0:d9:00 (config) # wired-port-profile test
00:0b:86:a0:d9:00 (wired ap profile test) # radius-accounting ------------------ enable accounting
00:0b:86:a0:d9:00 (wired ap profile test) # radius-interim-accounting-interval 10 ---------------- accounting interval
00:0b:86:a0:d9:00 (wired ap profile test) # end
00:0b:86:a0:d9:003# commit apply
Use separate accounting mode
00:0b:86:a0:d9:00 (config) # wired-port-profile test
00:0b:86:a0:d9:00 (wired ap profile test) # radius-accounting ------ enable accounting
00:0b:86:a0:d9:00 (wired ap profile test) # radius-interim-accounting-interval 10 ------ accounting interval
00:0b:86:a0:d9:00 (wired ap profile test) # accounting-server acct-server-1 ------ configure separate accounting server
00:0b:86:a0:d9:00 (wired ap profile test) # accounting-server acct-server-2 ------ configure separate accounting server
00:0b:86:a0:d9:00 (wired ap profile test) # end
00:0b:86:a0:d9:003# commit apply
Configuration in running-cfg
!
wired-port-profile test
switchport-mode trunk
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name test
speed auto
duplex auto
poe
type employee
auth-server cppm244
accounting-server acct-server-1
accounting-server acct-server-2
captive-portal disable
dot1x
radius-accounting
radius-interim-accounting-interval 10
!
Enable wired accounting via UI
VerificationWired Accounting Debug
•show clients status <mac>”, check client accounting status and session-id
•show ap debug auth-trace-buf”, check accounting record
•security syslog, check accounting packet detail info
•Packet capture for accounting packet