Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

ArubaOS8 RADIUS Accounting

  • 1.  ArubaOS8 RADIUS Accounting

    Posted May 18, 2018 09:47 AM

    Hey guys,

    I'm having a real tough time trying to find documentation on how to get RADIUS accounting working for controller management.  We have 7205 controllers in HA mode and I was able to get RADIUS authentication working properly with our FreeRADIUS server but I cannot find any options to send accounting info (config changes is what I mostly want to capture).  There is a checkbox for TACACS accounting but nothing for RADIUS.  The only location I see for adding RADIUS accounting is under AAA profiles but I don't see an option to associate a AAA profile with management access.  Is syslog the only way to capture this if we're not using TACACS?

     

    Please help!



  • 2.  RE: ArubaOS8 RADIUS Accounting

    Posted May 18, 2018 09:51 AM

    I am using ClearPass, but in your case you need to define the FreeRADIUS RADIUS server group.
    2018-05-18 09_48_52-Configuration.png



  • 3.  RE: ArubaOS8 RADIUS Accounting

    Posted May 18, 2018 10:06 AM

    Thanks for the reply Victor.

    How do I associate a AAA profile with management access?  As far as I can tell the AAA profiles are only for SSID use.  The controllers are new so I have not set up any custom profiles yet, but I added my RADIUS server group to every built-in profile and I'm not getting any messages when I make a configuration change (for example, I added a static route).  The screenshot below is where I would expect to see an option for RADIUS accounting.

    Capture.PNG



  • 4.  RE: ArubaOS8 RADIUS Accounting

    Posted May 18, 2018 10:10 AM
    I think we are talking about two different things.

    Are you talking about the accounting for your wireless authentication or for TACACS?

    If it is for wireless authentication, then you need to go under AAA profile.

    For TACACS, the option is in the screenshot you provided.


  • 5.  RE: ArubaOS8 RADIUS Accounting

    Posted May 18, 2018 10:35 AM

    I'm not talking about wireless authentication, I'm talking about administrative authentication and accounting.

    We are not using TACACS, however; we are using FreeRADIUS to accomplish this.  If I try to check the box for "TACACS accounting" I receive an error that the server type is invalid (because it is a RADIUS server, not TACACS).  For instance, we just rolled out RADIUS authentication and accounting for our Juniper switches and our RADIUS server receives all accounting messages from the Juniper switches for every configuration change committed.

    The more I'm looking at this, I'm guessing there is no option for RADIUS accounting for administrative functions on ArubaOS; it seems TACACS is the only option to capture this (or syslog).


    Thanks for your help!



  • 6.  RE: ArubaOS8 RADIUS Accounting
    Best Answer

    Posted May 18, 2018 12:09 PM
    My bad, misread your requirements.

    Doesn't look like it is possible for RADIUS.
