|
|
The RADIUS Support of 56-Bit Acct Session-Id feature introduces a new 32-bit authentication, authorization, and accounting (AAA) variable, acct-session-id-count. The first eight bits of the acct-session-id-count variable are reserved for the unique identifier variable, a unique number assigned to the accounting session which is preserved between reloads. The acct-session-id-count variable is used in addition to the existing 32-bit acct-session-id variable, RADIUS attribute 44, providing a total of 56 bits of to represent the actual Accounting Session Identifier (ID). Benefits of this feature include the following:
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn . You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
AAA accounting must be configured. For more information about configuring AAA accounting, refer to the "Configuring Accounting " chapter in the Cisco IOS Security Configuration Guide , Release 12.2.
To configure the RADIUS Support of 56-bit Acct Session-Id feature, you must understand the following concepts:
RADIUS attribute 44, Accounting Session ID, is a unique accounting identifier that makes it easy to match start and stop records in a log file. Accounting session ID numbers restart at 1 each time the router is power-cycled or the software is reloaded. RADIUS attribute 44 is automatically enabled when AAA accounting is configured.
The acct-session-id variable is a 32-bit variable that can take on values from 00000000-FFFFFFFF.
The new acct-session-id-count variable is a 32-bit variable. The first eight bits of the variable are reserved for the unique identifier variable, an identifier that allows the RADIUS server to identify an accounting session if a reload occurs. The remaining 24 bits of the acct-session-id-count variable acts as a counter variable. When the first acct-session-id variable is assigned, this counter variable is set to 1. The variable increments by 1 every time the acct-session-id variable wraps, preventing the loss of accounting information.
The acct-session-id-count variable can take on values from ##000000- ##FFFFFF, where ## represents the eight bits that are reserved for the unique identifier variable.
The acct-session-id-count and acct-session-id variables are concatenated before being sent to the RADIUS server, resulting in the acct-session variable being represented as the following:
##000000 00000000- ##FFFFFF FFFFFFFF
This allows a total of 56 bits to be used for acct-session-id space.
The 8-bit unique identifier variable allows accounting session identities to be identified if a reload occurs.
The additional space provided by the acct-session-id-count variable can keep track of acct-session-id wrapping when there is a high volume of traffic, such as voice calls. By incrementing each time the acct-session-id variable wraps, the acct-session-id-count variable preserves accounting information.
This section contains the following procedure:
This task enables the acct-session-id-count variable containing the unique identifier variable.
2. radius-server unique-ident id
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
Example: |
|
| Step 2 |
Example: |
Enables the acct-session-id-count variable containing the unique identifier variable. |
This section contains the following configuration example:
The following example configures AAA authentication, enables RADIUS attribute 44 in access request packets, and enables the acct-session-id-count variable and sets the unique identifier variable to 5:
For additional information related to the RADIUS Support of 56-Bit Acct Session-Id feature, refer to the following references:
| Related Topic | Document Title |
|---|---|
"Configuring RADIUS " chapter in the Cisco IOS Security Configuration Guide, Release 12.2 |
|
"Configuring Accounting " chapter in the Cisco IOS Security Configuration Guide, Release 12.2 |
|
"RADIUS Attributes " section in the Cisco IOS Security Configuration Guide, Release 12.2 |
|
"RADIUS Commands " chapter in the Cisco IOS Security Command Reference, Release 12.2 T |
| MIBs | MIBs Link |
|---|---|
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
| RFCs1 | Title |
|---|---|
| 1Not all supported RFCs are listed. |
This section documents the new radius-server unique-ident command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 T command reference publications.
To enable the acct-session-id-count variable containing the unique identifier variable, use the radius-server unique-ident command in global configuration mode. To disable the acct-session-id-count variable, use the no form of this command.
Syntax Description
Specifies the unique identifier represented by the first eight bits of the acct-session-id-count variable. Valid values range from 0 to 255. |
Defaults
The acct-session-id-count variable is disabled.
Command Modes
Command History
Usage Guidelines
Use the radius-server unique-ident command to increase the size of the accounting session identifier (ID) variable from 32 bits to 56 bits.
RADIUS attribute 44, Accounting Session ID, is a unique accounting identifier that makes it easy to match start and stop records in a log file. Accounting session ID numbers restart at 1 each time the router is power-cycled or the software is reloaded.
The acct-session-id variable is a 32-bit variable that can take on values from 00000000-FFFFFFFF.
The acct-session-id-count variable enabled by the radius-server unique-ident command is a 32-bit variable. The first eight bits of the variable are reserved for the unique identifier, an identifier that allows the RADIUS server to identify an accounting session if a reload occurs. The remaining 24 bits of the acct-session-id-count variable acts as a counter variable. When the first acct-session-id variable is assigned, the acct-session-id-count variable is set to 1. The acct-session-id-count variable increments by 1 every time the acct-session-id variable wraps.
The acct-session-id-count variable can take on values from ##000000-##FFFFFF, where ## represents the 8 bits that are reserved for the unique identifier variable.
The acct-session-id-count and acct-session-id variables are concatenated before being sent to the RADIUS server, resulting in the accounting session being represented by the following 56 bit variable:
##000000 00000000-##FFFFFF FFFFFFFF
Examples
The following example enables the acct-session-id-count variable and sets the unique identifier variable to 5:
Posted: Fri May 9 14:29:07 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.