mechalas
Mar 18, 2020 · Aspirant
M7100-24X does RADIUS auth but no accounting
We have an M7100-24X (11.0.0.31 firmware) configured to do RADIUS AAA on all auth lists for the management console. It does the authentication part just fine, but it never sends any accounting packet...
mechalas
Mar 19, 2020 · Aspirant
I've already run tcpdump on the accounting server, which is directly connected to the switch. There is traffic on port 1812 when the user authenticates, but none on 1813 (the accounting port).
mechalas
Mar 19, 2020 · Aspirant
And the switch's own stats show it is not generating accounting traffic:
| Accounting Server | Round Trip Time | Accounting Requests | Accounting Retransmissions | Accounting Responses | Malformed Accounting Responses | Bad Authenticators | Pending Requests | Timeouts | Unknown Types | Packets Dropped |
| 10.X.X.X | 0.00 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
I was hoping I had just missed something in the configuration. Maybe accounting can't be completely enabled through the Web UI?
```
(M7100-24X) #show accounting methods

AcctType   MethodName        MethodType     Method1    Method2
---------  ----------------  -------------  ---------  ---------
Exec       dfltExecList      start-stop     radius
Exec       httpsList         start-stop     radius
Exec       loginList         start-stop     radius
Exec       HttpsList         start-stop     radius
Commands   dfltCmdList       stop-only      tacacs
DOT1X      dfltDot1xList     start-stop     radius

Line       EXEC Method List      Command Method List
---------  --------------------  --------------------
Console    none                  none
Telnet     none                  none
SSH        none                  none
HTTPS      none                  none
HTTP       none                  none
```
mechalas
Mar 20, 2020 · Aspirant
OK, it looks like you cannot enable accounting through the Web UI alone. You have to enable it per line from the command line. But... there doesn't seem to be a way to select the http or https lines.
```
(M7100-24X) (Config)#show accounting methods

AcctType   MethodName        MethodType     Method1    Method2
---------  ----------------  -------------  ---------  ---------
Exec       dfltExecList      start-stop     radius
Exec       httpsList         start-stop     radius
Exec       loginList         start-stop     radius
Exec       HttpsList         start-stop     radius
Commands   dfltCmdList       stop-only      tacacs
DOT1X      dfltDot1xList     start-stop     radius

Line       EXEC Method List      Command Method List
---------  --------------------  --------------------
Console    dfltExecList          none
Telnet     none                  none
SSH        dfltExecList          none
HTTPS      none                  none
HTTP       none                  none

(M7100-24X) (Config)#line ?

console                  Enter into Line Console Config Mode.
ssh                      Enter into Line SSH Config Mode.
telnet                   Enter into Line Telnet Config Mode.

(M7100-24X) (Config)#line
```
So that implies there is no way to do accounting for any Web logins. Which seems like a pretty big hole.
What, if anything, am I missing here?
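An added example, not part of the original posts and not NETGEAR tooling: a small Python audit that parses `show accounting methods` output in the layout shown in this thread and reports which management lines have no RADIUS-backed Exec accounting list bound. The function names are hypothetical, and the sample is reconstructed from the second output above.

```python
# Constructed sample: the second "show accounting methods" output from the thread.
SAMPLE = """\
AcctType   MethodName        MethodType     Method1    Method2
---------  ----------------  -------------  ---------  ---------
Exec       dfltExecList      start-stop     radius
Exec       httpsList         start-stop     radius
Exec       loginList         start-stop     radius
Exec       HttpsList         start-stop     radius
Commands   dfltCmdList       stop-only      tacacs
DOT1X      dfltDot1xList     start-stop     radius

Line       EXEC Method List      Command Method List
---------  --------------------  --------------------
Console    dfltExecList          none
Telnet     none                  none
SSH        dfltExecList          none
HTTPS      none                  none
HTTP       none                  none
"""

def parse_accounting_methods(text):
    """Return (method_lists, line_bindings) parsed from the CLI output."""
    methods, lines, section = {}, {}, None
    for raw in text.splitlines():
        cols = raw.split()
        if not cols or set(raw) <= {"-", " "}:
            continue  # blank line or dashed separator
        if cols[0].startswith("("):
            section = None  # a CLI prompt ends the current table
        elif cols[0] == "AcctType":
            section = "methods"
        elif cols[0] == "Line":
            section = "lines"
        elif section == "methods" and len(cols) >= 3:
            methods[(cols[0], cols[1])] = {"type": cols[2], "methods": cols[3:]}
        elif section == "lines" and len(cols) >= 3:
            lines[cols[0]] = {"exec": cols[1], "commands": cols[2]}
    return methods, lines

def exec_accounting_gaps(text):
    """Management lines whose logins generate no RADIUS Exec accounting."""
    methods, lines = parse_accounting_methods(text)
    def covered(name):
        entry = methods.get(("Exec", name))
        return entry is not None and "radius" in entry["methods"]
    return [line for line, bound in lines.items() if not covered(bound["exec"])]

if __name__ == "__main__":
    print(exec_accounting_gaps(SAMPLE))
```

Run against a saved copy of the switch output after each configuration change to confirm which login paths still produce no accounting records.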