Wireless (General)

Expand all | Collapse all

Should radius-accounting servers for a switch be explicitly set in NAC?

  • 1.  Should radius-accounting servers for a switch be explicitly set in NAC?

    Posted 01-22-2018 19:27
    Hello, everybody,

    please, take a look at my configuration of a switch:

    RADIUS-accounting servers are NAC servers. RADIUS accounting is set Enabled.

    Should I explicitly set them in RADIUS servers? Tick the box and set both NAC servers as accounting servers? Or this is not necessary?



    I ask it because when I do "Verify RADIUS configuration" procedure I get the error below in spite of MAC authenticaton works



    Many thanks in advance,
    Ilya


  • 2.  RE: Should radius-accounting servers for a switch be explicitly set in NAC?

    Posted 01-22-2018 19:33
    Hello,

    It's necessary if NAC is controlling the RADIUS configurations on the switch and you want RADIUS accounting.

    Configuration the "Switches" section does two things:

    1. Updates the "clients.conf" file in the NAC to allow processing of RADIUS requests from the host and configures the RADIUS attributes to send scheme in NAC.

    2. When "Enforce" and the device is supported NAC will write the appropriate RADIUS configurations to the switch. If RADIUS Accounting isn't configured and NAC can write RADIUS configurations it will overwrite any manual configurations that already exist.

    Thanks
    -Ryan


  • 3.  RE: Should radius-accounting servers for a switch be explicitly set in NAC?

    Posted 01-22-2018 19:33
    Thank for your reply, Ryan!

    I've set explicitly both NAC servers as RADIUS accounting server. Enforced switches. Nothing changed. "Verify RADIUS configuration" still reports Failure as check result.

    I'll what happens tomorrow when people come and login.

    Thanks.