[j-nsp] Radius accounting
evan.2.williams at bt.com
evan.2.williams at bt.com
Wed Nov 29 15:59:29 EST 2006
Been working on getting radius to work to cisco acs, authentcation is
fine, but accounting I get this all the time.
Nov 29 20:31:40 Event:Cmd uname:fester Cmd - "file list "
Nov 29 20:31:40 Radius record: sess-id:AED4533A001 status-type:update
uname:********
Nov 29 20:31:40 auditd_rad_send: sent rad message
Nov 29 20:31:45 AUDITD_RADIUS_REQUEST_TIMED_OUT:
auditd_rad_timeout_handler: retransmitted request to RADIUS server
10.213.36.142
Nov 29 20:31:50 AUDITD_RADIUS_REQUEST_TIMED_OUT:
auditd_rad_timeout_handler: retransmitted request to RADIUS server
10.213.36.142
Nov 29 20:31:55 AUDITD_RADIUS_REQUEST_DROPPED:
auditd_rad_timeout_handler: discarding Accounting-Request message; no
RADIUS server responded
Nov 29 20:31:55 auditd_rad_clear: cleared timer
Nov 29 20:31:55 auditd_rad_clear: deselected the reader
Nov 29 20:31:55 auditd_rad_dispatch: no more records in queue; all
dispatched.
No accounting port has been set, and here is the accounting destination
set up
destination {
/* sets the radius accounting to the ACS */
radius {
server {
10.213.36.142 {
secret "$9$IGQEhrvMX-b2BIK87N2gJGDkPQ"; ## SECRET-DATA
timeout 5;
source-address 212.31.220.58;
}
}
}
}
show configuration firewall family inet filter <********> term radius
from {
source-prefix-list {
radius-addresses;
}
protocol udp;
source-port radius;
}
then {
policer radius-policer;
count radius;
accept;
}
I have the Cisco ACS address in the policy-options prefix-list
radius-addresses
Appreciate any tips on this.
Evan Williams
More information about the juniper-nsp
mailing list