[j-nsp] Radius accounting

evan.2.williams at bt.com evan.2.williams at bt.com
Wed Nov 29 15:59:29 EST 2006


Been working on getting radius to work to cisco acs, authentcation is
fine, but accounting I get this all the time.

Nov 29 20:31:40 Event:Cmd uname:fester Cmd - "file list "
Nov 29 20:31:40 Radius record: sess-id:AED4533A001 status-type:update
uname:********
Nov 29 20:31:40 auditd_rad_send: sent rad message
Nov 29 20:31:45 AUDITD_RADIUS_REQUEST_TIMED_OUT:
auditd_rad_timeout_handler: retransmitted request to RADIUS server
10.213.36.142
Nov 29 20:31:50 AUDITD_RADIUS_REQUEST_TIMED_OUT:
auditd_rad_timeout_handler: retransmitted request to RADIUS server
10.213.36.142
Nov 29 20:31:55 AUDITD_RADIUS_REQUEST_DROPPED:
auditd_rad_timeout_handler: discarding Accounting-Request message; no
RADIUS server responded
Nov 29 20:31:55 auditd_rad_clear: cleared timer
Nov 29 20:31:55 auditd_rad_clear: deselected the reader
Nov 29 20:31:55 auditd_rad_dispatch: no more records in queue; all
dispatched.

No accounting port has been set, and here is the accounting destination
set up
destination {
    /* sets the radius accounting to the ACS */
    radius {
        server {
            10.213.36.142 {
                secret "$9$IGQEhrvMX-b2BIK87N2gJGDkPQ"; ## SECRET-DATA
                timeout 5;
                source-address 212.31.220.58;
            }
        }
    }
}
show configuration firewall family inet filter <********> term radius
from {
    source-prefix-list {
        radius-addresses;
    }
    protocol udp;
    source-port radius;
}
then {
    policer radius-policer;
    count radius;
    accept;
}
I have the Cisco ACS address in the policy-options prefix-list
radius-addresses

Appreciate any tips on this.

Evan Williams



More information about the juniper-nsp mailing list