Tuesday, June 13, 2017

Single Sign On - Identifi Radius Accounting interim message

A RADIUS server can be configured on the Identifi controller, and the controller can be set to send accounting information at the time of authentication/authorization. An additional setting, Interim Accounting Interval, makes the controller send accounting messages periodically at the configured interval. In the configuration below, the controller is configured to send an interim accounting message every one minute.


As a result, the controller sends a RADIUS Accounting message every one minute (verified by packet capture).


RADIUS SSO Requirements (from WatchGuard)

You can use RADIUS Single Sign-On with wireless access points or other RADIUS clients that include the required information in the RADIUS accounting messages. For RADIUS SSO to operate, the RADIUS accounting Start, Stop, and Interim-Update accounting messages sent by the RADIUS client must include these attributes:
  • User-Name — The name of the authenticated user
  • Framed-IP-Address — The client IP address of the authenticated user
WatchGuard AP devices that use the latest version of AP firmware meet these requirements. Other wireless access points that support these requirements should also operate correctly for RADIUS SSO.

Some access points do not assign the client IP address until after the user authenticates. For these access points, the Start accounting message might not include the Framed-IP-Address attribute. After the user authenticates, the access point immediately sends an Interim-Update accounting message that includes the Framed-IP-Address attribute. Even though the Start message does not include the Framed-IP-Address attribute, RADIUS SSO functions correctly.
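To check a packet capture against these requirements, the added example below (not from the original post or from WatchGuard) parses a RADIUS Accounting-Request and reports whether it carries both User-Name and Framed-IP-Address, including the case of a Start message without an IP address. The attribute numbers come from the RADIUS RFCs; the function names and the sample user and address are constructed for illustration.

```python
import socket
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request
USER_NAME, FRAMED_IP_ADDRESS, ACCT_STATUS_TYPE = 1, 8, 40
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}


def parse_accounting(packet: bytes) -> dict:
    """Extract the fields RADIUS SSO relies on from one Accounting-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"not an Accounting-Request (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured payload")
    fields = {"status": None, "user": None, "ip": None}
    pos = 20  # attributes start after code, id, length and authenticator
    while pos < length:
        attr_type = packet[pos]
        attr_len = packet[pos + 1] if pos + 2 <= length else 0
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            fields["user"] = value.decode("utf-8", "replace")
        elif attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            fields["ip"] = socket.inet_ntoa(value)
        elif attr_type == ACCT_STATUS_TYPE and len(value) == 4:
            fields["status"] = STATUS.get(struct.unpack("!I", value)[0])
        pos += attr_len
    return fields


def maps_user_to_ip(fields: dict) -> bool:
    """True when the message carries both User-Name and Framed-IP-Address."""
    return bool(fields["status"] and fields["user"] and fields["ip"])


def build(status: int, user: str, ip: str = "") -> bytes:
    """Constructed sample packet (zeroed authenticator) for offline testing."""
    attrs = bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", status)
    attrs += bytes([USER_NAME, 2 + len(user)]) + user.encode()
    if ip:
        attrs += bytes([FRAMED_IP_ADDRESS, 6]) + socket.inet_aton(ip)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(attrs))
    return header + bytes(16) + attrs
```

A Start message for which `maps_user_to_ip` returns False is expected on access points that assign the address after authentication; the Interim-Update that follows should return True.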

How RADIUS SSO works (from WatchGuard)
When a user connects and authenticates to a RADIUS client, such as a wireless access point, the RADIUS client sends accounting messages to the RADIUS server. The RADIUS server sends these accounting messages to the Firebox and the Firebox creates a firewall session for the user at the specified client IP address. When the user disconnects, the RADIUS server sends an accounting message to the Firebox and the Firebox removes the user session.



