Access Security Guide K/KA/KB.15.15

Executive accounting
Provides records holding the information listed below about login sessions (console, Telnet, and
SSH) on the switch:
    NAS-IP-Address        Acct-Delay-Time       Acct-Session-ID
    NAS-Identifier        Acct-Session-Time     Acct-Status-Type
    Calling-Station-Id    User-Name             Acct-Terminate-Cause
    MS-RAS-Vendor         Service-Type          Acct-Authentic
System accounting
Provides records containing the information listed below when system events occur on the switch,
including system reset, system boot, and enabling or disabling of system accounting.
    NAS-Identifier        Acct-Delay-Time       Acct-Session-ID
    Calling-Station-Id    User-Name             Acct-Status-Type
    Acct-Session-Time     Service-Type          Acct-Terminate-Cause
    MS-RAS-Vendor         NAS-IP-Address        Acct-Authentic
Commands accounting
Provides records containing information on CLI command execution during user sessions.
    Calling-Station-Id    User-Name             Acct-Session-ID
    HP-Command-String     NAS-IP-Address        Acct-Status-Type
    Acct-Delay-Time       NAS-Identifier        Service-Type
    Nas-Port-Type         Acct-Authentic
NOTE: For improved interoperability with Cisco ACS, the Calling-Station-Id RADIUS attribute
and the Remote Address TACACS+ field are sent in authentication requests for the management
Telnet, SSH, and HTTP services. This gives the authentication server the remote IP address of the
connecting station, if available, so that access policies and auditing can be made more granular
based on the incoming source IP address.
RADIUS accounting with IP attribute
The RADIUS Attribute 8 (Framed-IP-Address) feature provides the RADIUS server with information
about the client’s IP address after the client is authenticated. DHCP snooping is queried for the IP
address of the client, so DHCP snooping must be enabled for the VLAN of which the client is a
member.
When the switch begins communications with the RADIUS server, it sends the IP address of the
client requesting access as RADIUS Attribute 8 (Framed-IP-Address) in the RADIUS accounting
request. The RADIUS server can use this information to build a map of usernames and addresses.
It may take a minute or longer for the switch to learn the IP address and then send the accounting
packet with the Framed-IP-Address attribute to the RADIUS server. If the switch does not learn the
IP address after a minute, it sends the accounting request packet to the RADIUS server without the
Framed-IP-Address attribute. If the IP address is learned at a later time, it will be included in the
next accounting request packet sent.
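The following is an added example, not code from this guide or from the switch software: a server-side sketch that parses Accounting-Request attributes and builds the username-to-address map described above, keeping the address empty until a later request carries Framed-IP-Address. The sample packets, user name, session ID and address are constructed, the follow-up request is assumed to be an Interim-Update, and the request authenticator is not verified.

```python
import ipaddress
import struct

# RADIUS attribute type numbers (RFC 2865 / RFC 2866)
USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 8, 40, 44
ACCOUNTING_REQUEST = 4  # RADIUS packet code

def attr(atype, value):
    """Encode one attribute as type, length, value (length covers all three)."""
    return bytes([atype, len(value) + 2]) + value

def build_request(user, session, status, ip=None):
    """Construct a sample Accounting-Request; authenticator is zeroed (assumption)."""
    body = attr(USER_NAME, user.encode()) + attr(ACCT_SESSION_ID, session.encode())
    body += attr(ACCT_STATUS_TYPE, struct.pack("!I", status))
    if ip is not None:  # omitted when the switch has not yet learned the address
        body += attr(FRAMED_IP, ipaddress.IPv4Address(ip).packed)
    return struct.pack("!BBH16s", ACCOUNTING_REQUEST, 1, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return {type: value} for a well-formed Accounting-Request, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a valid Accounting-Request")
    attrs, pos = {}, 20
    while pos < length:
        hdr = packet[pos:pos + 2]
        if len(hdr) < 2 or hdr[1] < 2 or pos + hdr[1] > length:
            raise ValueError("malformed attribute")
        attrs[hdr[0]] = packet[pos + 2:pos + hdr[1]]
        pos += hdr[1]
    return attrs

def update_map(user_ip, packet):
    """Record session -> (user, ip); ip stays None until Framed-IP-Address arrives."""
    a = parse_attributes(packet)
    if USER_NAME not in a or ACCT_SESSION_ID not in a:
        raise ValueError("missing User-Name or Acct-Session-Id")
    session = a[ACCT_SESSION_ID].decode()
    ip = user_ip.get(session, (None, None))[1]  # keep an address learned earlier
    if len(a.get(FRAMED_IP, b"")) == 4:
        ip = str(ipaddress.IPv4Address(a[FRAMED_IP]))
    user_ip[session] = (a[USER_NAME].decode(), ip)
    return user_ip[session]
```

Keying the map on Acct-Session-ID rather than on the user name keeps concurrent sessions of one user separate and lets the late address be attached to the right session.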