Access Security Guide K/KA/KB.15.15

Table 13 Client records provided under port-based access control (continued)
Nas-Port                  Acct-Terminate-Cause      NAS-Identifier
Acct-Output-Octets        Acct-Authentic            Calling-Station-Id
Acct-Session-Time         Acct-Delay-Time           HP-acct-terminate-cause
User-Name                 Acct-Input-Packets        MS-RAS-Vendor
Exec accounting
Provides records holding the information listed below about login sessions (console, Telnet,
and SSH) on the switch:
NAS-IP-Address            Acct-Delay-Time           Acct-Session-Id
Acct-Status-Type          NAS-Identifier            Acct-Session-Time
User-Name                 Acct-Terminate-Cause      Calling-Station-Id
MS-RAS-Vendor             Service-Type              Acct-Authentic
System accounting
Provides records containing the information listed below when system events occur on the
switch, including system reset, system boot, and enabling or disabling of system accounting.
NAS-Identifier            Acct-Delay-Time           Acct-Session-Id
Acct-Status-Type          Calling-Station-Id        Username
Service-Type              Acct-Terminate-Cause      Acct-Session-Time
MS-RAS-Vendor             NAS-IP-Address            Acct-Authentic
Commands accounting
Provides records containing information on CLI command execution during user sessions.
Calling-Station-Id        User-Name                 Acct-Session-Id
Acct-Status-Type          HP-Command-String         NAS-IP-Address
NAS-Identifier            Service-Type              Acct-Delay-Time
NAS-Port-Type             Acct-Authentic
RADIUS accounting with IP attribute
The RADIUS Attribute 8 (Framed-IP-Address) feature provides the RADIUS server with information
about the client's IP address after the client is authenticated. DHCP snooping is queried for
the IP address of the client, so DHCP snooping must be enabled for the VLAN of which the
client is a member.
When the switch begins communicating with the RADIUS server, it sends the RADIUS server the
IP address of the client requesting access, carried as RADIUS Attribute 8 (Framed-IP-Address)
in the RADIUS accounting request. The RADIUS server can use this information to build a map
of usernames and addresses.
It may take a minute or longer for the switch to learn the IP address and then send the
accounting packet with the Framed-IP-Address attribute to the RADIUS server. If the switch
does not learn the IP address after a minute, it sends the accounting request packet to the
RADIUS server without the Framed-IP-Address attribute. If the IP address is learned at a later
time, it will be included in the next accounting request packet sent.
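The username-to-address map described above, seen from the RADIUS server side, as an added example (not code from this guide or from HP). It parses Accounting-Request packets per RFC 2866, checks the Request Authenticator, and tolerates a first request that arrives without Framed-IP-Address. The shared secret, session ID, user name, client address, and the use of an Interim-Update as the later request are constructed assumptions.

```python
import hashlib, hmac, ipaddress, struct

USER_NAME, FRAMED_IP, ACCT_STATUS, ACCT_SESSION_ID = 1, 8, 40, 44  # RFC 2865/2866 types
START, STOP, INTERIM = 1, 2, 3                                     # Acct-Status-Type values

def build_request(ident, attrs, secret):
    """Build a constructed Accounting-Request (code 4) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", 4, ident, 20 + len(body))
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body

def parse_request(pkt, secret):
    """Return {type: value} after validating length and Request Authenticator."""
    if len(pkt) < 20 or pkt[0] != 4 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("not a well-formed Accounting-Request")
    expect = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expect, pkt[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, i = {}, 20
    while i < len(pkt):
        alen = pkt[i + 1] if i + 1 < len(pkt) else 0
        if alen < 2 or i + alen > len(pkt):
            raise ValueError("malformed attribute")
        attrs[pkt[i]] = pkt[i + 2:i + alen]
        i += alen
    return attrs

def update_map(sessions, attrs):
    """Maintain session-id -> (user, ip); ip is None until Framed-IP-Address arrives."""
    sid = attrs[ACCT_SESSION_ID].decode()
    if struct.unpack("!I", attrs[ACCT_STATUS])[0] == STOP:
        sessions.pop(sid, None)
        return
    ip = sessions.get(sid, (None, None))[1]   # keep an address learned earlier
    if FRAMED_IP in attrs:                    # absent if the switch has not learned it yet
        ip = str(ipaddress.IPv4Address(attrs[FRAMED_IP]))
    sessions[sid] = (attrs.get(USER_NAME, b"").decode(), ip)

def demo():
    secret, sid = b"constructed-secret", (ACCT_SESSION_ID, b"0000002A")  # constructed values
    user, status = (USER_NAME, b"alice"), lambda v: (ACCT_STATUS, struct.pack("!I", v))
    late_ip = (FRAMED_IP, bytes([10, 0, 20, 7]))
    pkts = [build_request(1, [user, status(START), sid], secret),             # no address yet
            build_request(2, [user, status(INTERIM), sid, late_ip], secret)]  # address learned
    sessions, seen = {}, []
    for p in pkts:
        update_map(sessions, parse_request(p, secret))
        seen.append(dict(sessions))
    return seen
```

Keying the map on Acct-Session-Id rather than on the user name lets the later address fill in the correct session when one user has several sessions open.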
186 RADIUS Authentication, Authorization, and Accounting