DHCP lease RADIUS accounting

If RADIUS accounting is enabled and the DHCP server assigns an IP address to a DHCP client, the server sends a RADIUS accounting start to the relevant accounting server (or the backup RADIUS server). If the DHCP lease expires because no extension was requested, the DHCP server sends a RADIUS accounting stop. In between these two events, the DHCP server regularly sends the RADIUS server a RADIUS accounting interim update in a configurable interval.

To enable or disable RADIUS accounting for the DHCP server, go to IPv4 > DHCPv4 and click on the option Activate DHCP lease RADIUS accounting.

The input box Accounting interim interval configures the interval for the RADIUS interim updates. You configure the RADIUS accounting server and the corresponding backup server by clicking on DHCP lease RADIUS accounting.





Network name
Select here the name of the network for which RADIUS accounting messages are to be sent.
Server IP address
Enter the IP address or the DNS name of the RADIUS server (IPv4 or IPv6).
Port
Enter the TCP port used by the RADIUS server to receive accounting information. That is usually the port "1813".
Key
Enter the key (shared secret) for access to the RADIUS accounting server here. Ensure that this key is consistent with that in the accounting server.
Source address (optional)
By default, the RADIUS server sends its replies back to the IP address of your device without having to enter it here. By entering an optional alternative loopback address, you change the source address and route used by the device to connect to the RADIUS server. This can be useful, for example, when the server is available over different paths and it should use a specific path for its reply message.
Protocol
Use this entry to specify the protocol used by the DHCP server to communicate with the RADIUS accounting server.
Attribute values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication and accounting). The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding value in the form <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2>. As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\). The following variables are permitted as values:
%n
Device name
%e
Serial number of the device
%%
Percent sign
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Backup server IP address
Enter the IP address or the DNS name of the backup RADIUS server.
Backup server port
Enter the TCP port used by the backup RADIUS server to receive accounting information. That is usually the port "1813".
Backup server secret
Enter the key (shared secret) for access to the backup RADIUS accounting server here. Ensure that this key is consistent with that in the accounting server.
Source address (optional)
Here you optionally specify an alternative source address that the DHCP server transfers to the backup RADIUS server.
Protocol
Use this entry to specify the protocol that the DHCP server uses for the RADIUS accounting server.
Backup server attr. values
Here you specify any additional attribute values for the RADIUS communication with the backup server.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo