If RADIUS accounting is enabled and the DHCP server assigns an IP address to a DHCP client, the server sends a RADIUS accounting start to the relevant accounting server (or the backup RADIUS server). If the DHCP lease expires because no extension was requested, the DHCP server sends a RADIUS accounting stop. In between these two events, the DHCP server regularly sends the RADIUS server a RADIUS accounting interim update in a configurable interval.
To enable or disable RADIUS accounting for the DHCP server, go to Activate DHCP lease RADIUS accounting.
and click on the optionThe input box Accounting interim interval configures the interval for the RADIUS interim updates. You configure the RADIUS accounting server and the corresponding backup server by clicking on DHCP lease RADIUS accounting.
- Network name
- Select here the name of the network for which RADIUS accounting messages are to be sent.
- Server IP address
- Enter the IP address or the DNS name of the RADIUS server (IPv4 or IPv6).
- Port
- Enter the TCP port used by the RADIUS server to receive accounting information. That is usually the port "1813".
- Key
- Enter the key (shared secret) for access to the RADIUS accounting server here. Ensure that this key is consistent with that in the accounting server.
- Source address (optional)
- By default, the RADIUS server sends its replies back to the IP address of your device without having to enter it here. By entering an optional alternative loopback address, you change the source address and route used by the device to connect to the RADIUS server. This can be useful, for example, when the server is available over different paths and it should use a specific path for its reply message.
- Protocol
- Use this entry to specify the protocol used by the DHCP server to communicate with the RADIUS accounting server.
- Attribute values
-
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication and accounting).
The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding value in the form <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2>.
As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
- NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
- NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
- %n
- Device name
- %e
- Serial number of the device
- %%
- Percent sign
- %{name}
- Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
- Backup server IP address
- Enter the IP address or the DNS name of the backup RADIUS server.
- Backup server port
- Enter the TCP port used by the backup RADIUS server to receive accounting information. That is usually the port "1813".
- Backup server secret
- Enter the key (shared secret) for access to the backup RADIUS accounting server here. Ensure that this key is consistent with that in the accounting server.
- Source address (optional)
- Here you optionally specify an alternative source address that the DHCP server transfers to the backup RADIUS server.
- Protocol
- Use this entry to specify the protocol that the DHCP server uses for the RADIUS accounting server.
- Backup server attr. values
- Here you specify any additional attribute values for the RADIUS communication with the backup server.