RADIUS Server Accounting

You can configure accounting to measure the resources that another user consumes during access.

User

#configure terminal

Enter configure mode.

(config)#radius-server login host 10.12.17.11 vrf management key 7 seq-num 1 wawyanb123 auth-port 60000 acct-port 60000 timeout 6

Specify the radius server ipv4 address to be configured with authentication port number, accounting port number, shared key for management vrf. The radius server should be started with same port number.

(config)#radius-server login host 10.12.17.11 seq-num 2 key 7 wawyanb123 auth-port 60000 acct-port 60000 timeout 6

Specify the radius server ipv4 address to be configured with port number for default vrf.The radius server should be started with same port number

(config)#aaa accounting default vrf management group radius

Enable accounting for radius server configured for vrf management

(config)#aaa accounting default group radius

Enable accounting for radius server configured for default vrf

(config)#commit

Commit the candidate configuration to the running configuration

Validation

Copy 
#show aaa accounting vrf management
                VRF: management
  default: group radius
 
#show aaa accounting vrf all
                VRF: management
  default: group radius
 
                VRF: default
  default: group radius
 
#show aaa accounting
                VRF: default
  default: group radius
#
#show running-config aaa
aaa authentication login default vrf management group radius
aaa accounting default vrf management group radius
aaa group server radius rad1 vrf management
    server Radius-Server-1 vrf management
    server 100.0.0.1 vrf management
 
aaa authentication login default  group radius
aaa accounting default  group radius
aaa group server radius rad1
    server Radius-Server-1
    server 100.0.0.1

Sample Radius Clients.conf File

Copy 
client 10.12.58.20 {
  secret    = testing123
  shortname = localhost
}
client 192.168.1.2 {
  secret    = testing123
  shortname = localhost
}
client 10.12.37.196 {
  secret    = testing123
}
client 100.0.0.2 {
  secret    = testing123
  shortname = localhost
}
 
# IPv6 Client
#client ::1 {
#       secret          = testing123
#       shortname       = localhost
#}
#
# All IPv6 Site-local clients
#client fe80::/16 {
#       secret          = testing123
#       shortname       = localhost

Sample Radius Users Configuration File

Copy 
#
#DEFAULT
#       Service-Type = Login-User,
#       Login-Service = Rlogin,
#       Login-IP-Host = shellbox.ispdomain.com
 
# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
#       Service-Type = Administrative-User
 
# On no match, the user is denied access.
 
selftest Cleartext-Password := "password"
testuser1 Cleartext-Password := "user1@101"
testuser2 Cleartext-Password := "user2@202"
testuser3 Cleartext-Password := "user3@303"