Should radius-accounting servers for a switch be explicitly set in NAC?

  • 0
  • 1
  • Question
  • Updated 7 months ago
  • Answered
Hello, everybody,

please, take a look at my configuration of a switch:

RADIUS-accounting servers are NAC servers. RADIUS accounting is set Enabled.

Should I explicitly set them in RADIUS servers? Tick the box and set both NAC servers as accounting servers? Or this is not necessary?

 

I ask it because when I do "Verify RADIUS configuration" procedure I get the error below in spite of MAC authenticaton works

 

Many thanks in advance,
Ilya
Photo of Ilya Semenov

Ilya Semenov

  • 4,610 Points 4k badge 2x thumb

Posted 7 months ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,050 Points 5k badge 2x thumb
Hello,

It's necessary if NAC is controlling the RADIUS configurations on the switch and you want RADIUS accounting. 

Configuration the "Switches" section does two things: 

1. Updates the "clients.conf" file in the NAC to allow processing of RADIUS requests from the host and configures the RADIUS attributes to send scheme in NAC.

2. When "Enforce" and the device is supported NAC will write the appropriate RADIUS configurations to the switch. If RADIUS Accounting isn't configured and NAC can write RADIUS configurations it will overwrite any manual configurations that already exist.

Thanks
-Ryan
Photo of Ilya Semenov

Ilya Semenov

  • 4,610 Points 4k badge 2x thumb
Thank for your reply, Ryan!

I've set explicitly both NAC servers as RADIUS accounting server. Enforced switches. Nothing changed. "Verify RADIUS configuration" still reports Failure as check result.

I'll what happens tomorrow when people come and login.

Thanks.