There are two RADIUS logs that are the Accounting and Postauth.
The main difference is in which time a log is written. The Accounting log is saving while users are using a network after network access is granted.
However, the Postauth is written immediately after processing every ACCESS-REQUEST from users.
For IEEE 802.1X Authenticators, this attribute is used to store the Supplicant MAC address.
Some NAS devices may not support accounting. Also, depends on the NAS device, the according may be a little different.
| Items | Attribute name | Description |
|---|---|---|
| Username | User-Name | It indicates the name of the user to be authenticated. |
| Calling-Station-ID | Calling-Station-Id | This Attribute allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology.
For IEEE 802.1X Authenticators, this attribute is used to store the Supplicant MAC address. |
| Calling-Station-ID(nostrip) | Calling-Station-Id | This is the same as the above except for stripping the delimiters. |
| Host IPv4 Address | Framed-IP-Address | It is the IPv4 address of a supplicant. |
| Host IPv6 Address | Framed-IPv6-Address | It is the IPv6 address of a supplicant. |
| realm | Realm | It is the name of realm in a username. |
| NAS | NAS-IP-Address | It is the IP address of a NAS. |
| NAS ID | NAS-Identifier | It is the the NAS Identifier. |
| NAS Port ID | NAS-Port-Id | It identifies the port of the NAS which is authenticating the user. This typically matches the interface description.[1] |
| NAS Port Type | NAS-Port-Type | It indicates the type of physical port the NAS is using to authenticate the user. [2] |
| Save Time | - | The date and time that the Accounting was saved in the local database. This value changes whenever the Accounting is received. |
| Start Time | - | The first date and time that network access is granted. |
| Stop Time | - | The date and time that network access is closed. If this value is blank, it means that the user is still using network. |
| Update Time | - | The recent date and time of the Accounting was received. |
| Session Time | Acct-Session-Time | This attribute indicates how many seconds the user has received service for. |
| Input | Acct-Input-Packets | This attribute indicates how many packets have been received from the port over the course of this service being provided to a Framed User. |
| Output | Acct-Output-Packets | This attribute indicates how many packets have been sent to the port in the course of delivering this service to a Framed User. |
| Authentic | Acct-Authentic | It indicates how the user was authenticated and is either RADIUS, Local, or Remote.[4] The RADIUS means that a user was authenticated by a RADIUS server. The Local means that a user was authenticated by a NAS. The Remote means that a user was authenticated by others. |
| Interval | Acct-Interim-Interval | It indicates the number of seconds between each interim update in seconds.[5] |
| Terminate-Cause | Acct-Terminate-Cause | It indicates how the session was terminated.[6] |
| Called-Station-ID | Called-Station-ID | For IEEE 802.1X Authenticators, this attribute is used to store the bridge or Access Point MAC address.[7][8] |
| Service Type | Service-Type | This Attribute indicates the type of service the user has requested, or the type of service to be provided.[9] |
| coning | Connect-Info | This attribute is sent from the NAS to indicate the nature of the user's connection.[10] |
| Message | - | It is generated by authentication processing results, refer to the "Authentication Processing Messages" section for the main messages originating from Access-Reject. |
References
- ↑ https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/rd_naspt.html#wp1066674
- ↑ https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/rd_naspt.html#wp1049275
- ↑ https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-13
- ↑ https://tools.ietf.org/html/rfc2866#page-16
- ↑ https://tools.ietf.org/html/rfc2869#page-36
- ↑ https://tools.ietf.org/html/rfc2866#page-19
- ↑ https://www.oreilly.com/library/view/radius/0596003226/re07.html
- ↑ https://tools.ietf.org/html/rfc2865#page-50
- ↑ https://tools.ietf.org/html/rfc2865#page-31
- ↑ https://tools.ietf.org/html/rfc2869#page-30