Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

RADIUS - ProCurve 2650 - aaa accounting commands

Peter Wood Lancs
Occasional Visitor

RADIUS - ProCurve 2650 - aaa accounting commands

Good Afternoon,

I'm in the process of implementing RADIUS AAA for our 400 odd ProCurve installation. I have successfully managed to get all parts of this working, although have noticed an issue which isn't terminal but is annoying.

The switch sends an Access-Request, the identification information is verified and our RADIUS server sends back Access-Accept. So far so good, at this point the user is logged into the switch and they can configure it.

With "aaa accounting exec/system/network start-stop radius" (I don't recall which one exactly) I then see an Accounting-Request from the switch and we acknowledge with an Accounting-Response.

All fine and happy, I also noticed that we have "aaa accounting commands stop-only radius". With this option another Accounting-Request is sent every command that is entered, which again is good.

However, an Accounting-Request caused by "aaa accounting commands" does not match the Acct-Session-Id that was created by the login, and infact it increments one each time a command is "accounted".

Is this common? Has anyone else seen this issue? I'm testing this on a 2650 running H.10.50. My RADIUS config is below.

Many thanks for any info!

Peter.

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

aaa accounting update periodic 5
aaa accounting network start-stop radius
aaa accounting exec start-stop radius
aaa accounting system start-stop radius
aaa accounting commands stop-only radius

radius-server key xxx
radius-server host 192.168.0.1
radius-server host 192.168.0.2