Security

Reply
Contributor II

machine/user auth and accounting periodic update

Hey!

 

I have turned on user or computer authentication and it works fine.  Computer names and users are logged and given access from the policy manager - good news.

 

However the gateway stops after a minute.  After using a stopwatch I saw that it always went off after precisely one minute.

 

It is due to: aaa accounting update periodic 1 in the HP switch programming.

 

Changing it to 5 gives you 5 minutes of internet.  I have removed this command.

 

Is this normal? and do I need the command for other purposes?

Re: machine/user auth and accounting periodic update

Instead of periodic, can you set accounting to start-stop instead?

 

If your using ClearPass, RADIUS accounting is necessary for licensing (6.7) and to have proper Accounting data in ClearPass. You would also want RADIUS Interim-Accounting set to True in the server's RADIUS settings.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

Re: machine/user auth and accounting periodic update

In addition - the default should be 0 / disabled.

 

HPE Networking: http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s13.html

 

Snippet from the link above:

Syntax:

[no] aaa accounting update periodic <1-525600>

Sets the accounting update period for all accounting sessions on the switch.

The no form disables the update function and resets the value to zero.

Default: zero; disabled

 



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Contributor II

Re: machine/user auth and accounting periodic update

Hi, Thanks for this

 

I have Log Accounting Interim-Update Packets set to TRUE

I had disabled/set to 0 the aaa accounting periodic update previously

 

I have added:

 

aaa accounting exec start-stop radius

aaa accounting network start-stop radius

 

to the switch programming - does it need both these commands for clearpass - assuming they are correct?

 

Thank you for your help

 

Re: machine/user auth and accounting periodic update

Exec would be for administration of the switch - console, ssh, telnet.

 

Network would be for device authentications on the ports.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Contributor II

Re: machine/user auth and accounting periodic update

great, thanks for clearing that up I will go with 

 

aaa accounting network start-stop radius

 

then 

Guru Elite

Re: machine/user auth and accounting periodic update

Be sure to follow the ClearPass Solution Guide for Wired Policy Enforcement for fully validated configurations.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: