Advanced Configuration
RADIUS Accounting
Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by
sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS
accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client
session ends, an “Accounting Stop” request is sent to the RADIUS server.
Session Length
Accounting sessions continue when a client reauthenticates to the same AP. Sessions are terminated when:
• A client disassociates.
• A client does not transmit any data to the AP for a fixed amount of time.
• A client is detected on a different interface.
If the client roams from one AP to another, one session is terminated and a new session is begun.
NOTE
This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients
configured in the Access Point’s static MAC Access Control list are not tracked.
Configuring RADIUS Accounting
Follow these steps to enable RADIUS accounting on the AP:
1.
Within the
RADIUS Accounting Configuration
screen, place a check mark in the
Enable RADIUS Accounting
box to turn on this feature.
2. Place a check mark in the box labeled
Enable Primary RADIUS Accounting Server
.
3.
If you want to configure a back-up RADIUS server, place a check mark in the box labeled
Enable Back-up
RADIUS Accounting Server
.
4.
Enter the session timeout interval in minutes within the
Accounting Inactivity Timer
field. An accounting session
automatically ends for a client that is idle for the period of time specified. Range is 1-60 minutes; default is
5 minutes.
5. Select a
Server Addressing Format
type (IP Address or Name).
•
If you want to identify RADIUS servers by name, you must configure the Access Point as a DNS Client. See
for details.
6. Enter the server’s IP address or name in the field provided.
7.
Enter the port number which the AP and the server will use to communicate. By default, RADIUS accounting uses
port 1813.
8.
Enter the Shared Secret in the
Shared Secret
and
Confirm Shared Secret
field. This is a password shared by the
RADIUS server and the AP. The same password must also be configured on the RADIUS server.
9.
Enter the maximum time, in seconds, that the AP should wait for the RADIUS server to respond to a request in the
Response Time
field. Range is 1-10 seconds; default is 3 seconds.
10. Enter the maximum number of times an authentication request may be retransmitted in the
Maximum
Retransmissions
field. Range is 1-4; default is 3.
11. If you are configuring a back-up server, repeat Steps 5 through 10 for the back-up server.
12. Click
OK
to save your changes.
13. Reboot the AP device for these changes to take effect.
4-46