- Configuring RADIUS
- Framed-Route in RADIUS Accounting
- RFC-2867 RADIUS Tunnel Accounting
- RADIUS Centralized Filter Management
- RADIUS Debug Enhancements
- RADIUS Logical Line ID
- RADIUS Route Download
- RADIUS Server Load Balancing
- RADIUS Support of 56-Bit Acct Session-Id
- RADIUS Tunnel Preference for Load Balancing and Fail-Over
- RADIUS Server Reorder on Failure
- Finding Feature Information
- Prerequisites for RADIUS Support of 56-Bit Acct Session-Id
- Information About RADIUS Support of 56-Bit Acct Session-Id
- How to Configure RADIUS Support of 56-Bit Acct Session-Id
- Configuration Examples for RADIUS Support of 56-Bit Acct Session-Id
- Additional References
- Feature Information for RADIUS Support of 56-Bit Acct Session-Id
RADIUS Support of 56-Bit Acct Session-Id
The RADIUS Support of 56-Bit Acct Session-Id feature introduces a new 32-bit authentication, authorization, and accounting (AAA) variable, acct-session-id-count. The first eight bits of the acct-session-id-count variable are reserved for the unique identifier variable, a unique number assigned to the accounting session which is preserved between reloads. The acct-session-id-count variable is used in addition to the existing 32-bit acct-session-id variable, RADIUS attribute 44, providing a total of 56 bits of to represent the actual Accounting Session Identifier (ID). Benefits of this feature include the following:
- The 8-bit unique identifier variable allows accounting session IDs to be identified if a reload occurs.
- The additional space provided by the acct-session-id-count variable can keep track of acct-session-id wrapping when there is a high volume of traffic, such as voice calls. By incrementing each time the acct-session-id variable wraps, the acct-session-id-count variable preserves accounting information.
- Finding Feature Information
- Prerequisites for RADIUS Support of 56-Bit Acct Session-Id
- Information About RADIUS Support of 56-Bit Acct Session-Id
- How to Configure RADIUS Support of 56-Bit Acct Session-Id
- Configuration Examples for RADIUS Support of 56-Bit Acct Session-Id
- Additional References
- Feature Information for RADIUS Support of 56-Bit Acct Session-Id
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for RADIUS Support of 56-Bit Acct Session-Id
AAA accounting must be configured. For more information about configuring AAA accounting, refer to the “ Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide .
Information About RADIUS Support of 56-Bit Acct Session-Id
Acct-Session-Id Attribute
RADIUS attribute 44, Accounting Session ID, is a unique accounting identifier that makes it easy to match start and stop records in a log file. Accounting session ID numbers restart at 1 each time the router is power-cycled or the software is reloaded. RADIUS attribute 44 is automatically enabled when AAA accounting is configured.
The acct-session-id variable is a 32-bit variable that can take on values from 00000000-FFFFFFFF.
Acct-Session-Id-Count Attribute
The new acct-session-id-count variable is a 32-bit variable. The first eight bits of the variable are reserved for the unique identifier variable, an identifier that allows the RADIUS server to identify an accounting session if a reload occurs. The remaining 24 bits of the acct-session-id-count variable acts as a counter variable. When the first acct-session-id variable is assigned, this counter variable is set to 1. The variable increments by 1 every time the acct-session-id variable wraps, preventing the loss of accounting information.
The acct-session-id-count variable can take on values from ##000000- ##FFFFFF, where ## represents the eight bits that are reserved for the unique identifier variable.
The acct-session-id-count and acct-session-id variables are concatenated before being sent to the RADIUS server, resulting in the acct-session variable being represented as the following:
##000000 00000000- ##FFFFFF FFFFFFFF
This allows a total of 56 bits to be used for acct-session-id space.
How to Configure RADIUS Support of 56-Bit Acct Session-Id
Configuring RADIUS Support of 56-Bit Acct Session-Id
This task enables the acct-session-id-count variable containing the unique identifier variable.
DETAILED STEPS
Configuration Examples for RADIUS Support of 56-Bit Acct Session-Id
Configuring RADIUS Support of 56-Bit Acct Session-Id Example
The following example configures AAA authentication, enables RADIUS attribute 44 in access request packets, and enables the acct-session-id-count variable and sets the unique identifier variable to 5:
aaa new-model aaa authentication ppp default group radius radius-server host 10.100.1.34 radius-server unique-ident 5
Additional References
The following sections provide references related to the RADIUS Support of 56-Bit Acct Session-ID feature.
Related Documents
Related Topic |
Document Title |
---|---|
Configuring RADIUS |
See the “ Configuring RADIUS ” feature module. |
Configuring accounting |
See the “ Configuring Accounting ” feature module. |
AAA RADIUS attributes |
See the “ RADIUS Attributes Overview and RADIUS IETF Attributes ” feature module. |
RADIUS commands |
Cisco IOS Security Command Reference |
Standards
Standard |
Title |
---|---|
None |
-- |
MIBs
MIB |
MIBs Link |
---|---|
None |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC |
Title |
---|---|
RFC 2139 |
RADIUS Accounting |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for RADIUS Support of 56-Bit Acct Session-Id
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1 | Feature Information for RADIUS Support of 56-Bit Acct Session-Id |
Feature Name |
Releases |
Feature Information |
---|---|---|
RADIUS Support of 56-Bit Acct Session-ID |
12.3(2)T |
The RADIUS Support of 56-Bit Acct Session-Id feature introduces a new 32-bit authentication, authorization, and accounting (AAA) variable, acct-session-id-count. This feature was introduced in Cisco IOS Release 12.3(2)T. The following commands were introduced or modified: radius-server unique-iden. |
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.