RADIUS: Separate Retransmit Counter for Accounting
First Published: February 3, 2003
Last Updated: September 1, 2009
The RADIUS: Separate Retransmit Counter for Accounting feature allows users to configure an exponential backoff retransmit. That is, after the normally configured retransmission retries have been used, the router continues trying with an interval that doubles on each retransmission failure until a configured maximum interval is reached. This functionality allows users to retransmit accounting requests for many hours without overloading the RADIUS server when it does come back up.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for RADIUS: Separate Retransmit Counter for Accounting" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.
Contents
•Restrictions for RADIUS: Separate Retransmit Counter for Accounting
•Information About RADIUS: Separate Retransmit Counter for Accounting
•How to Configure RADIUS: Separate Retransmit Counter for Accounting
•Configuration Examples for RADIUS: Separate Retransmit Counter for Accounting
•Feature Information for RADIUS: Separate Retransmit Counter for Accounting
Restrictions for RADIUS: Separate Retransmit Counter for Accounting
The following tasks result in excessive memory consumption on the router:
•Configuring this feature on a router with a high call rate.
•Configuring the aaa accounting send stop-record authentication failure command: an accounting record and a RADIUS packet are generated for each user that fails to authenticate while the RADIUS server is down.
•Configuring interim accounting: new accounting records are generated and stored on the router.
Information About RADIUS: Separate Retransmit Counter for Accounting
In many environments, a single RADIUS server is used for authentication and accounting. Whenever this server is down for approximately 24 hours, the accounting records of users already on the router are lost after authentication, authorization, and accounting (AAA) does all the retransmissions. Before the introduction of this feature, the retransmissions could be configured for a maximum of 100 retries and the timeout could be configured for 1,000 seconds. Although these configurations keep the accounting records on the router for 24 hours, a timeout of 1,000 seconds is unreasonable, causing problems when the RADIUS server cannot be reached due to network congestion.
The RADIUS: Separate Retransmit Counter for Accounting feature allows users to configure an exponential backoff retransmit. That is, after the normally configured retransmission retries have been used, the router continues trying with an interval that doubles on each retransmission failure until a configured maximum interval is reached. This functionality allows users to retransmit accounting requests for many hours without overloading the RADIUS server when it does come back up.
This feature can be configured globally (through the radius-server backoff exponential command), per server (through the radius-server host command), or per group (through the backoff exponential command).
Benefits
With this feature, users can extend the time in which the RADIUS client (the router) sends accounting requests to the RADIUS server in the event that the RADIUS server or the connection to the server is down and there is no accounting response confirmation. This functionality enables accounting records to remain on the router for up to 24 hours.
How to Configure RADIUS: Separate Retransmit Counter for Accounting
This section contains the following tasks:
•Configuring a Retransmit Counter for Accounting Globally or per RADIUS Host (required)
•Configuring a Retransmit Counter for Accounting per RADIUS Server Group (required)
•Verifying Retransmit Configurations (optional)
Configuring a Retransmit Counter for Accounting Globally or per RADIUS Host
To configure exponential backoffs of RADIUS retransmits over an extended period of time on a global basis and per RADIUS host, perform the following steps:
SUMMARY STEPS
1. enable
2. configure terminal
3. radius-server backoff exponential [max-delay minutes] [backoff-retry retransmits]
4. radius-server host {hostname | ip-address} [test username user-name] [auth-port port-number] [ignore-auth-port] [acct-port port-number] [ignore-acct-port] [timeout seconds] [retransmit retries] [key string] [alias {hostname | ip-address}] [idle-time seconds] [backoff exponential {backoff-retry number-of-retransmits | key encryption-key | max-delay minutes}]
DETAILED STEPS
Configuring a Retransmit Counter for Accounting per RADIUS Server Group
To configure exponential backoffs of RADIUS retransmits over an extended period of time per RADIUS server group, perform the following steps:
SUMMARY STEPS
1. enable
2. configure terminal
3. aaa group server radius group-name
4. backoff exponential [max-delay minutes] [backoff-retry retransmits]
DETAILED STEPS
Verifying Retransmit Configurations
To verify feature functionality, use any of the following EXEC commands:
SUMMARY STEPS
1. enable
2. debug radius
3. show accounting
4. show radius statistics
DETAILED STEPS
Configuration Examples for RADIUS: Separate Retransmit Counter for Accounting
This section provides the following configuration examples:
•Retransmit Counter for Accounting Comprehensive Configuration: Example
•Per-Server Configuration: Example
Retransmit Counter for Accounting Comprehensive Configuration: Example
The following example shows how to configure your router for exponential backoff retransmit of accounting requests. In this example, an exponential backoff is configured globally (through the radius-server backoff exponential command) and for the RADIUS server host "172.107.164.206" (through the radius-server host command).
aaa new-model
aaa authentication login default group radius
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting send stop-record authentication failure
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
!
interface BRI1/0
 ip address 10.0.0.2 255.0.0.0
 encapsulation ppp
 no ip mroute-cache
 dialer idle-timeout 0
 dialer-group 1
 isdn switch-type basic-5ess
!
radius-server host 172.107.164.206 auth-port 1645 acct-port 1646 backoff exponential max-delay 60 backoff-retry 32
radius-server backoff exponential max-delay 60 backoff-retry 32
radius-server retransmit 3
radius-server key rad123
end
Per-Server Configuration: Example
The following example shows how to enable exponential backoff retransmits on a per-server basis. In this example, assume that the retransmit is configured for 3 retries and the timeout is configured for 5 seconds; that is, the RADIUS request is transmitted 3 times with a delay of 5 seconds. Thereafter, the router continues to retransmit RADIUS requests with a delayed interval that doubles each time until 32 retries have been achieved. The router stops doubling the retransmit intervals after the interval surpasses the configured 60 minutes; it transmits every 60 minutes.
radius-server host foo.xyz.com backoff exponential max-delay 60 backoff-retry 32
After enabling this command, the retransmits are sent as follows ("t" equals seconds):
t = 0 req sent
t = 5 retrans 1
t = 10 retrans 2
t = 15 retrans 3
t = 25 retrans 4
t = 45 retrans 5
t = 85 retrans 6
t = 165 retrans 7
t = 325 retrans 8
t = 645 retrans 9
t = 1285 retrans 10
t = 2565 retrans 11
t = 5125 retrans 12
t = 8725 retrans 13 (The interval has stabilized to 60 minutes here).
t = 12325 retrans 14 till retransmit 35
After all the retransmits are sent, the RADIUS request follows the same path that it would when all the normal retransmits are done.
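The timeline above can be reproduced and extended to size the outage window an accounting record survives. This is an added example, not Cisco IOS code; the function names are hypothetical, and the doubling and capping rule is an assumption inferred from the timeline printed on this page.

```python
# Added illustration: models the timeline printed on this page; not Cisco IOS code.

def backoff_schedule(timeout_s, retransmit, max_delay_min, backoff_retry):
    """Return a list of (retransmit_number, send_time_s, interval_s)."""
    if timeout_s <= 0 or max_delay_min <= 0 or retransmit < 0 or backoff_retry < 0:
        raise ValueError("timeout and max-delay must be positive; counts non-negative")
    cap_s = max_delay_min * 60
    schedule, t = [], 0
    # Phase 1: the normally configured retries, one per timeout.
    for n in range(1, retransmit + 1):
        t += timeout_s
        schedule.append((n, t, timeout_s))
    # Phase 2: backoff retries; the interval doubles until max-delay caps it.
    interval = timeout_s
    for n in range(retransmit + 1, retransmit + backoff_retry + 1):
        interval = min(interval * 2, cap_s)
        t += interval
        schedule.append((n, t, interval))
    return schedule


def first_retransmit_after(outage_s, schedule):
    """First retransmit sent at or after the server returns, else None."""
    for entry in schedule:
        if entry[1] >= outage_s:
            return entry
    return None


# Values from the per-server example: timeout 5 s, retransmit 3,
# max-delay 60 minutes, backoff-retry 32.
PAGE_EXAMPLE = backoff_schedule(5, 3, 60, 32)

if __name__ == "__main__":
    for n, t, interval in PAGE_EXAMPLE[:14]:
        print(f"t = {t:>6} retrans {n:>2} (interval {interval} s)")
    last = PAGE_EXAMPLE[-1]
    print(f"last retransmit {last[0]} at t = {last[1]} s ({last[1] / 3600:.1f} h)")
    for hours in (6, 25):  # constructed outage lengths
        hit = first_retransmit_after(hours * 3600, PAGE_EXAMPLE)
        print(f"{hours} h outage ->", hit if hit else "record exhausts its retransmits")
```

With the page's values the last retransmit (35) is sent at t = 87925 seconds, about 24.4 hours after the original request, which lines up with the 24-hour retention described under Benefits.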
Additional References
The following sections provide references related to the RADIUS: Separate Retransmit Counter for Accounting.
Related Documents
| | |
|---|---|
| RADIUS and AAA accounting configuration tasks and commands | "Configuring RADIUS" and "Configuring Accounting" feature modules. |
Standards
| | |
|---|---|
| None | — |
MIBs
| | |
|---|---|
| None | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
| | |
|---|---|
| No new or modified RFCs are supported by this feature. | — |
Technical Assistance
Feature Information for RADIUS: Separate Retransmit Counter for Accounting
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2003-2009 Cisco Systems, Inc. All rights reserved