Cisco IOS 11.x and Radius

For Cisco 11.1, you normally use

    aaa new-model
    aaa authentication ppp radppp if-needed radius
    aaa authorization network radius none
    aaa accounting network wait-start radius

to get the Cisco to talk to a radius server.

With IOS 11.3, you need to add:

    aaa accounting update newinfo

if you want the IP address of the user to show up in the radutmp file
(and thus, the output of "radwho").

This is because with IOS 11.3, the Cisco first sends a "Start" accounting
packet without the IP address included. By setting "update newinfo" it
will send an accounting "Alive" packet which updates the information. Cistron
Radius has understood the "Alive" packet since 1.5.4.3-beta7.

With newer versions of IOS, you can turn off "aaa accounting update newinfo"
and use

    aaa accounting delay-start

instead. That should delay the sending of the start record until IPCP
has negotiated the IP address. IP addresses then do appear in start records.

Also, you might see a lot of "duplicates" in the logfile. That can be
fixed by

    aaa accounting network wait radius
    radius-server timeout 3
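
The Start/Alive behaviour described above, as an added example (this is not
Cistron Radius source code): a small radutmp-style session table that replays
accounting records and shows when the IP address becomes visible. The NAS
address, user name, session id and IP address are constructed sample values.

```python
# Added example: radutmp-style session table (not Cistron Radius source code).
# All records below are constructed sample data.
NAS = "192.0.2.1"          # hypothetical NAS address (documentation range)
IP = "198.51.100.7"        # hypothetical address assigned by IPCP

def rec(status, ip=None):
    """Build one constructed accounting record for user 'alice'."""
    r = {"Acct-Status-Type": status, "NAS-IP-Address": NAS,
         "Acct-Session-Id": "00000042", "User-Name": "alice"}
    if ip:
        r["Framed-IP-Address"] = ip
    return r

def apply_record(sessions, r):
    """Update the session table from one accounting record."""
    key = (r["NAS-IP-Address"], r["Acct-Session-Id"])
    status = r["Acct-Status-Type"]
    if status == "Stop":
        sessions.pop(key, None)          # session ended: drop the entry
    elif status in ("Start", "Alive"):
        entry = sessions.setdefault(key, {"user": r["User-Name"], "ip": None})
        # Only overwrite the address when the packet carries one, so a
        # retransmitted (duplicate) Start cannot erase what an Alive set.
        if r.get("Framed-IP-Address"):
            entry["ip"] = r["Framed-IP-Address"]

def replay(records):
    """Replay records in order and return 'radwho'-like (user, ip) rows."""
    sessions = {}
    for r in records:
        apply_record(sessions, r)
    return sorted((e["user"], e["ip"] or "-") for e in sessions.values())

# IOS 11.3 default: Start is sent before the address is known.
START_ONLY = [rec("Start")]
# With "aaa accounting update newinfo": an Alive follows with the address.
START_THEN_ALIVE = [rec("Start"), rec("Alive", IP)]
# With "aaa accounting delay-start": the Start itself carries the address.
DELAYED_START = [rec("Start", IP)]

if __name__ == "__main__":
    for name, records in [("start only", START_ONLY),
                          ("start + alive", START_THEN_ALIVE),
                          ("delayed start", DELAYED_START)]:
        print(name, replay(records))
```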