mechalas
Mar 18, 2020 Aspirant
M7100-24X does RADIUS auth but no accounting
We have an M7100-24X (11.0.0.31 firmware) configured to do RADIUS AAA on all auth lists for the management console. It does the authentication part just fine, but it never sends any accounting packet...
DaneA
Mar 19, 2020 NETGEAR Employee Retired
I understand that you do not want to just update the firmware. With regard to that, I suggest you set up port mirroring on the M7100-24X. Select a port as a source port on the M7100-24X where the user is directly connected. Then, select another port as a destination port on the M7100-24X where a PC with Wireshark installed is directly connected. Run Wireshark and observe. It would be best if Wireshark were able to capture that there is 0 accounting traffic whenever a user logs in.
Kindly read pages 700-701 of the M7100 user manual here on how to set up port mirroring. You may download Wireshark here. Also, check this link I found online and use it as a guide on how to use Wireshark.
For the captured packets to be analyzed, kindly open a chat or online support ticket with NETGEAR Support at any time. Attach the captured packets from Wireshark to the support ticket you have opened for it to be investigated by the NETGEAR Support team.
Regards,
DaneA
NETGEAR Community Team
mechalas
Mar 19, 2020 Aspirant
I've already run tcpdump on the accounting server, which is directly connected to the switch. There is traffic on port 1812 when the user authenticates, but none on 1813 (the accounting port).
- mechalas Mar 19, 2020 Aspirant
And the switch's own stats show it is not generating accounting traffic:

    Accounting Server:               10.X.X.X
    Round Trip Time:                 0.00
    Accounting Requests:             0
    Accounting Retransmissions:      0
    Accounting Responses:            0
    Malformed Accounting Responses:  0
    Bad Authenticators:              0
    Pending Requests:                0
    Timeouts:                        0
    Unknown Types:                   0
    Packets Dropped:                 0

I was hoping I had just missed something in the configuration. Maybe accounting can't be completely enabled through the Web UI?

    (M7100-24X) #show accounting methods

    AcctType   MethodName        MethodType     Method1    Method2
    ---------  ----------------  -------------  ---------  ---------
    Exec       dfltExecList      start-stop     radius
    Exec       httpsList         start-stop     radius
    Exec       loginList         start-stop     radius
    Exec       HttpsList         start-stop     radius
    Commands   dfltCmdList       stop-only      tacacs
    DOT1X      dfltDot1xList     start-stop     radius

    Line       EXEC Method List      Command Method List
    ---------  --------------------  --------------------
    Console    none                  none
    Telnet     none                  none
    SSH        none                  none
    HTTPS      none                  none
    HTTP       none                  none
- mechalas Mar 20, 2020 Aspirant
OK, it looks like you cannot enable accounting through the Web UI alone. You have to enable it per line from the command-line. But...there doesn't seem to be a way to select the http or https lines.

    (M7100-24X) (Config)#show accounting methods

    AcctType   MethodName        MethodType     Method1    Method2
    ---------  ----------------  -------------  ---------  ---------
    Exec       dfltExecList      start-stop     radius
    Exec       httpsList         start-stop     radius
    Exec       loginList         start-stop     radius
    Exec       HttpsList         start-stop     radius
    Commands   dfltCmdList       stop-only      tacacs
    DOT1X      dfltDot1xList     start-stop     radius

    Line       EXEC Method List      Command Method List
    ---------  --------------------  --------------------
    Console    dfltExecList          none
    Telnet     none                  none
    SSH        dfltExecList          none
    HTTPS      none                  none
    HTTP       none                  none

    (M7100-24X) (Config)#line ?

    console    Enter into Line Console Config Mode.
    ssh        Enter into Line SSH Config Mode.
    telnet     Enter into Line Telnet Config Mode.

    (M7100-24X) (Config)#line
So that implies there is no way to do accounting for any Web logins. Which seems like a pretty big hole.
What, if anything, am I missing here?
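The check done by hand with tcpdump in this thread (authentication traffic on 1812, nothing on 1813) can be automated; the following is an added example, not code from the thread or from NETGEAR. It parses raw RADIUS UDP payloads and lists users whose Access-Request was accepted but for whom no Accounting-Request with Acct-Status-Type Start was seen. It assumes a single NAS, so the RADIUS identifier alone pairs a request with its reply, and the user names and packets are constructed sample data.

```python
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCOUNTING_REQUEST = 1, 2, 4  # RADIUS packet codes
USER_NAME, ACCT_STATUS_TYPE = 1, 40                          # attribute types
START = struct.pack("!I", 1)                                 # Acct-Status-Type = Start

def parse_radius(payload):
    """Return (code, identifier, {attr_type: value}) or None if malformed."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        return None
    attrs, pos = {}, 20
    while pos < length:
        a_len = payload[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            return None
        attrs[payload[pos]] = payload[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def logins_without_accounting(payloads):
    """Users with an accepted Access-Request but no Accounting Start."""
    pending, accepted, accounted = {}, [], set()
    for code, ident, attrs in filter(None, map(parse_radius, payloads)):
        user = attrs.get(USER_NAME, b"").decode("utf-8", "replace")
        if code == ACCESS_REQUEST:
            pending[ident] = user           # remember who asked, keyed by identifier
        elif code == ACCESS_ACCEPT and ident in pending:
            accepted.append(pending.pop(ident))
        elif code == ACCOUNTING_REQUEST:
            if attrs.get(ACCT_STATUS_TYPE) == START:
                accounted.add(user)
    return [u for u in accepted if u not in accounted]

def build(code, ident, attrs):
    """Build a constructed sample packet (zeroed authenticator, test data only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed capture: "webadmin" is accepted with no accounting, "sshadmin" gets a Start.
SAMPLE = [
    build(ACCESS_REQUEST, 7, [(USER_NAME, b"webadmin")]),
    build(ACCESS_ACCEPT, 7, []),
    build(ACCESS_REQUEST, 8, [(USER_NAME, b"sshadmin")]),
    build(ACCESS_ACCEPT, 8, []),
    build(ACCOUNTING_REQUEST, 1, [(USER_NAME, b"sshadmin"), (ACCT_STATUS_TYPE, START)]),
]
print(logins_without_accounting(SAMPLE))
```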