Access Security Guide K/KA/KB.15.15

The switch forwards the accounting information it collects to the designated RADIUS server, where
the information is formatted, stored, and managed by the server. For more information on this
aspect of RADIUS accounting, see the documentation provided with your RADIUS server.
Operating rules for RADIUS accounting
• You can configure up to four types of accounting to run simultaneously: exec, system, network,
  and command.
• RADIUS servers used for accounting are also used for authentication.
• The switch must be configured to access at least one RADIUS server.
• RADIUS servers are accessed in the order in which their IP addresses were configured in the
  switch. Use show radius to view the order. As long as the first server is accessible and
  responding to authentication requests from the switch, a second or third server will not be
  accessed. For more on this topic, see “Changing RADIUS-server access order” (page 179).
• If access to a RADIUS server fails during a session, but after the client has been authenticated,
  the switch continues to assume the server is available to receive accounting data. Thus, if
  server access fails during a session, it will not receive accounting data transmitted from the
  switch.
Acct-Session-ID Options in a Management Session
The switch can be configured to support either of the following options for the accounting service
types used in a management session. (See “Accounting service types” (page 185).)
• Unique Acct-Session-ID for each accounting service type used in the same management session
  (the default)
• Same Acct-Session-ID for all accounting service types used in the same management session
Unique Acct-Session-ID operation
In the Unique mode (the default), the various service types running in a management session operate
as parallel, independent processes. Thus, during a specific management session, a given service
type has the same Acct-Session-ID for all accounting actions for that service type. However, the
Acct-Session-ID for each service type differs from the ID for the other types.
NOTE: In Unique Acct-Session-ID operation, the Command service type is a special case in which
the Acct-Session-ID for each executed CLI command in the session is different from the IDs for other
service types used in the session and also different for each CLI command executed during the
session. That is, the ID for each successive CLI command in the session is sequentially incremented
from the ID value assigned to the immediately preceding CLI command in that session.
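The following is an added example, not taken from this guide or from the switch software: it checks the accounting records stored for one management session against the Unique-mode rules above and lists command IDs missing from the sequence. The record layout (the service and acct_session_id fields), the hexadecimal text form of the ID, and the sample records are assumptions constructed for illustration.

```python
# Added example: audit one management session's accounting records under
# Unique Acct-Session-ID mode. Record layout and ID encoding are assumptions.
from collections import defaultdict

def audit_unique_mode(records):
    """Return (violations, missing_command_ids) for one management session.

    records: dicts with 'service' (exec/system/network/command) and
    'acct_session_id' (assumed here to be a hexadecimal string).
    """
    ids_by_service = defaultdict(list)
    for rec in records:
        ids_by_service[rec["service"]].append(int(rec["acct_session_id"], 16))

    violations = []
    # Non-command service types keep one ID for all their accounting actions.
    for service, ids in ids_by_service.items():
        if service != "command" and len(set(ids)) > 1:
            violations.append(f"{service}: more than one Acct-Session-ID")

    # Each service type's ID must differ from the IDs of the other types.
    seen = {}
    for service, ids in ids_by_service.items():
        for value in set(ids):
            if value in seen and seen[value] != service:
                violations.append(f"ID {value:08X} shared by {seen[value]} and {service}")
            seen.setdefault(value, service)

    # Command IDs increment by one per CLI command, so a gap marks a command
    # whose record is absent from the server's data.
    cmd_ids = sorted(set(ids_by_service.get("command", [])))
    missing = []
    for prev, cur in zip(cmd_ids, cmd_ids[1:]):
        missing.extend(range(prev + 1, cur))
    return violations, [f"{m:08X}" for m in missing]

# Constructed sample records (not captured from a real switch).
SAMPLE = [
    {"service": "exec", "acct_session_id": "00000010"},     # session start
    {"service": "command", "acct_session_id": "00000011"},
    {"service": "command", "acct_session_id": "00000012"},
    {"service": "command", "acct_session_id": "00000015"},
    {"service": "exec", "acct_session_id": "00000010"},     # session stop
]

if __name__ == "__main__":
    print(audit_unique_mode(SAMPLE))
```

A gap in the command sequence is worth comparing against the operating rule above on server access failing during a session, since accounting data sent while the server is unreachable is not received.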
192 RADIUS Authentication, Authorization, and Accounting