The switch does not log 802.1x accounting information. Instead, it sends this information to the RADIUS
server, which must be configured to log accounting messages.
802.1x Accounting Attribute-Value Pairs
The information sent to the RADIUS server is represented in the form of Attribute-Value (AV) pairs. These
AV pairs provide data for different applications. (For example, a billing application might require information
that is in the Acct-Input-Octets or the Acct-Output-Octets attributes of a RADIUS packet.)
AV pairs are automatically sent by a switch that is configured for 802.1x accounting. Three types of RADIUS
accounting packets are sent by a switch:
•
START
–
sent when a new user session starts
•
INTERIM
–
sent during an existing session for updates
•
STOP
–
sent when a session terminates
You can view the AV pairs that are being sent by the switch by entering the
debug radius accounting
privileged EXEC command. For more information about this command, see the
Cisco IOS Debug Command
Reference, Release 12.4.
This table lists the AV pairs and when they are sent are sent by the switch.
Table 24: Accounting AV Pairs
STOP
INTERIM
START
AV Pair Name
Attribute Number
Always
Always
Always
User-Name
Attribute[1]
Always
Always
Always
NAS-IP-Address
Attribute[4]
Always
Always
Always
NAS-Port
Attribute[5]
Sometimes
Sometimes
Never
Framed-IP-Address
Attribute[8]
Always
Always
Always
Class
Attribute[25]
Always
Always
Always
Called-Station-ID
Attribute[30]
Always
Always
Always
Calling-Station-ID
Attribute[31]
Always
Always
Always
Acct-Status-Type
Attribute[40]
Always
Always
Always
Acct-Delay-Time
Attribute[41]
Always
Always
Never
Acct-Input-Octets
Attribute[42]
Always
Always
Never
Acct-Output-Octets
Attribute[43]
Always
Always
Always
Acct-Session-ID
Attribute[44]
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
225
Configuring IEEE 802.1x Port-Based Authentication
802.1x Accounting Attribute-Value Pairs