After the User Control Point (UCP) software is configured and running, it begins collecting accounting data about users connecting to its services. It collects and outputs the accounting data in two formats, NetFlow and Remote Access Dial-In User Service (RADIUS).
This chapter contains the following sections:
1. The router collects and sends the NetFlow accounting data to the NetFlow Collector (a client application).
2. The NetFlow Collector receives the data from the router(s) and writes the data to a flat ASCII file.
3. The NetFlow Parser is a client application that reads the data stored in the file and publishes it via the NCP::NetFlow event to the Information Bus.
4. If a Subscriber Management System (SMS) adapter has been developed which subscribes to the NCP::NetFlow event, the adapter can then use and store the data in an SMS database. (For information about developing an SMS adapter, refer to the ActiveWeb documentation.)
To cause UCP to collect NetFlow accounting data, you must:
1. Configure the router(s) running the NetFlow protocol to tell them on which host the NetFlow Collector is running.
2. Configure the NetFlow Collector, entering the data filename and location, and the data scheme supported by UCP.
3. Configure the NetFlow Parser, entering the data filename and location, and the data scheme supported by UCP.
4. Start the NetFlow Parser, which automatically starts the NetFlow Collector.
For each router you want to configure to send NetFlow data to the NetFlow Collector, you must enter the following Cisco IOS command:
ip flow-export ip-address udp-port
where ip-address is the IP address of the host on which the NetFlow Collector is running, and udp-port is the port number on which the NetFlow Collector is listening.
To configure the NetFlow Collector:
Step 1 With a text editor such as vi, open the file nf.config. The nf.config file contains a list of variables followed by the value desired for that variable. A tab separates the variable from the value.
Step 2 Enter the following information in the nf.config file:
where interval is a number indicating the length of time, in minutes, of the interval between writes to the output file, and output_dir is the directory name where the output file is located.
Step 3 Save the changes to nf.config and exit the editor.
To configure the NetFlow Parser:
Step 1 Start the Network Control Console (NCC).
Step 2 In the tree, right-click the server on which you want to run the NetFlow Parser.
Step 3 From the popup menu, select Start New Service, then Netflow.
The Service Properties dialog box appears.
Step 4 Select the General tab.
Step 5 The Host field should contain the domain name or IP address of the server on which the Information Broker runs. If it does not, enter the broker IP address in the Host field.
Step 6 Select the Specific tab.
Step 7 In the netflowdirectoryname field, enter the directory name where the NetFlow output file is located.
Step 9 In the guidtarget field, enter the text SMS adapter.
Step 10 Click OK.
Starting the NetFlow Parser also starts the NetFlow Collector. To start the NetFlow Parser:
Step 1 Start the NCC.
Step 2 In the tree, right-click the server on which you want to start the NetFlow Parser.
Step 3 From the popup menu, select Start New Service, then Netflow.
The Service Properties dialog box appears.
Step 4 Click Start.
The output file contains a header and data. The header consists of:
The data appears as a row for each source address, where the first field in the row is the source IP address, followed by the sum of all packets sent, the total number of bytes (octets) sent from the source, and the number of flows aggregated into the row. The fields are separated from each other by a vertical bar (|) with no leading or trailing white space.
The application might still hold aggregated data in its internal aggregation buffer(s) when it is signaled to exit. In that case it writes the data to the output file(s) and then exits, but it generates and marks those output files differently: the output filename is given a suffix of the keyword PARTIAL, and the dot in the header is written as "PARTIAL."
Example output follows:
ROUTER 171.69.73.146|TYPE IP|AGGREGATION SourceNode|PERIOD 10|UTC_Begin 869784176|UTC_End 869784776
172.22.6.63|103|7828|33
192.168.35.66|123|5432|46
192.168.35.67|1312|52608|5
171.69.158.194|238|25552|9
192.168.35.83|1109|52286|24
171.69.2.132|377|74025|314
171.69.2.137|17|1768|17
171.69.2.138|92334|126207586|4
171.69.2.141|2617|952324|152
192.168.35.98|1316|113064|47
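The following parser for the output format described above is an added example, not part of UCP or of the original documentation. It assumes the header field names shown in the example output, that PERIOD is in minutes and that the UTC_Begin and UTC_End values are in seconds; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the header (wrapped line joined) and three rows from the
# example output above.
SAMPLE = (
    "ROUTER 171.69.73.146|TYPE IP|AGGREGATION SourceNode|PERIOD 10|"
    "UTC_Begin 869784176|UTC_End 869784776\n"
    "172.22.6.63|103|7828|33\n"
    "171.69.2.138|92334|126207586|4\n"
    "192.168.35.98|1316|113064|47\n"
)

def parse_header(line):
    """Split the '|'-separated 'KEY value' header fields into a dict."""
    header = {}
    for field in line.split("|"):
        key, _, value = field.partition(" ")
        if not key or not value:
            raise ValueError(f"malformed header field: {field!r}")
        header[key] = value
    return header

def parse_row(line):
    """Parse 'source|packets|octets|flows'; reject anything off-format."""
    parts = line.split("|")
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields: {line!r}")
    # The format allows no white space, signs or non-digits in the counters.
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError(f"non-numeric counter: {line!r}")
    source = ipaddress.ip_address(parts[0])  # ValueError on a bad address
    packets, octets, flows = map(int, parts[1:])
    return {"source": str(source), "packets": packets,
            "octets": octets, "flows": flows}

def parse_output(text):
    """Return (header, rows); header gains a 'period_ok' consistency flag."""
    lines = [ln for ln in text.splitlines() if ln]
    if not lines:
        raise ValueError("empty output file")
    header = parse_header(lines[0])
    rows = [parse_row(ln) for ln in lines[1:]]
    # Assumption: PERIOD is in minutes and UTC_Begin/UTC_End are in seconds.
    span = int(header["UTC_End"]) - int(header["UTC_Begin"])
    header["period_ok"] = span == int(header["PERIOD"]) * 60
    return header, rows

def top_sources(rows, n=3):
    """Rows with the most octets first, for spotting heavy senders."""
    return sorted(rows, key=lambda r: r["octets"], reverse=True)[:n]
```

Rejecting malformed rows instead of skipping them keeps a truncated or tampered file from silently under-reporting a source's traffic.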
After a user has connected and been successfully authenticated, the RADIUS authentication, authorization, and accounting (AAA) server begins storing accounting data for that user. The data is stored in a flat ASCII file that is readable and usable. The data can also be published to the Information Bus by the Accounting Parser, a server that reads the data file and publishes the data via the NCP::Accounting event. After the data is published to the Information Bus, an SMS adapter that is developed to subscribe to the NCP::Accounting event can receive the accounting data and store it in the local SMS database.
To cause UCP to collect RADIUS accounting data, you must:
1. Configure the PGS server, entering the port number used for accounting data.
2. Configure the RADIUS server using the CiscoSecure Access Control Server (ACS) GUI, entering the port number used for accounting data and the output file location.
3. Configure the Accounting Parser by entering the data file location.
4. Start the Accounting Parser.
To enter the port number for accounting information:
Step 1 Start the NCC.
Step 2 In the tree, right-click the PGW service.
Step 3 From the popup menu, select Properties.
The Service Properties dialog box appears.
Step 4 Select the Specific tab.
Step 5 In the primaryserver fields in both the a1anda2requester and the a1anda2anda3requester sections, enter the port number used for accounting data.
Step 6 Click OK.
To configure the RADIUS server:
Step 1 Use a Java-enabled browser to connect to the host where CiscoSecure ACS is installed. You must use either Netscape Navigator v3.0.1 or later or Microsoft Internet Explorer v3.2 or later.
Step 2 Log in to the CiscoSecure ACS.
Step 3 Click Advanced.
Step 4 Click Advanced again.
Step 5 Click Servers.
Step 6 Select the IP address from the Servers list.
Step 7 Verify that the port number of the server is the same as the port number entered in the PGW service configuration.
Step 8 Click Edit.
Step 9 In the Accounting field, select File.
Step 10 In the Directory field, enter the directory name where you want the output file to be located.
Step 11 Click Done.
To configure the Accounting Parser:
Step 1 Start the NCC.
Step 2 In the tree, right-click the server on which you want to run the Accounting Parser.
Step 3 From the popup menu, select Start New Service, then Accounting Parser.
The Service Properties dialog box appears.
Step 4 Select the General tab.
Step 5 The Host field should contain the FQDN or IP address of the server on which the ActiveWeb Information Broker runs. If it does not, enter the IP address of the broker in the Host field.
Step 6 Select the Specific tab.
Step 7 In the accountingdirectoryname field, enter the directory name where the output file is located.
Step 8 The timeinterval field determines how frequently the parser should parse the output file. Enter the number of seconds indicating that interval.
Step 9 In the guidtarget field, enter the text SMS adapter.
To start the Accounting Parser:
Step 1 Start the NCC.
Step 2 In the tree, right-click the server on which you want to start the Accounting Parser.
Step 3 From the popup menu, select Start New Service, then Accounting Parser.
The Service Properties dialog box appears.
Step 4 Click Start.
The RADIUS accounting output file is a flat database file where each record indicates the username, time usage, number of uses, calculated charges, and the date and time stamp as follows:
pmtest 3:21:40 4 0 Wed May 8 11:37:30 1998