Support for Accounting Session ID

Information About Accounting Session ID

Accounting ID is a unique identifier for a wireless client session. This ID helps to identify the accounting data of a client in the AAA server. Accounting session ID is generated by the AAA module.

From Cisco IOS XE Bengaluru, Release 17.4.1 onwards, Accounting Session ID is supported in the AAA access request, while authenticating wireless client using IEEE 802.1x method. In the Cisco IOS XE Amsterdam, Release 17.3.x and earlier releases, the Accounting Session ID was sent only as part of the accounting request. From Cisco IOS XE Bengaluru, Release 17.4.1 onwards, the Accounting Session ID is sent as part of the access request too.

Configuring an Accounting Session ID (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

radius-server attribute wireless 44 include-in-access-req

Example:

Device(config)# radius-server attribute wireless 44 include-in-access-req

Sends the RADIUS authentication attribute 44, in the access request packet.

Step 3

aaa accounting identity accounting-list-name start-stop group server-group-name

Example:

Device(config)# aaa accounting identity accounting-list-name start-stop group AAA_GROUP_1

Configures the accounting session identity of the AAA server.

Step 4

wireless profile policy

Example:

Device(config)# wireless profile policy default-policy-profile accounting-list-name start-stop group AAA_GROUP_1

Configures the WLAN policy profile.

Step 5

accounting-list accounting-list-name

Example:

Device(config-wireless-policy)# accounting-list accounting-list-name

Configures the accounting list.

Note

 

The Accounting Session ID is added as part of the account request, only if radius-server attribute wireless 44 include-in-access-req is enabled along with the accounting configuration under the wireless policy.

Step 6

description description-name

Example:

Device(config-wireless-policy)# description accounting-description

Adds a description for the policy profile.

Step 7

vlan vlan-id

Example:

Device(config-wireless-policy)# vlan 40

Configures the VLAN name or ID.

Step 8

no shutdown

Example:

Device(config-wireless-policy)# no shutdown

Saves the configuration and exits configuration mode and returns to privileged EXEC mode.

Verifying an Account Session ID

To verify if an Account Session ID is populated, use the following command:

Device# show wireless pmk-cache 
Number of PMK caches in total : 1
Type      Station             Entry Lifetime  VLAN Override         IP Override         Accounting-Session-Id   Audit-Session-Id              Username

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

RSN       6c19.c0e6.a444      1768            NA                                        0x00000006              052DA8C1000000104E634C77      cwa-user

To display the current Accounting Session ID, use the following command:

Device# show wireless client mac-address<H.H.H>detail 
Central NAT : DISABLED
Session Manager:
  Point of Attachment : capwap_90000005
  IIF ID             : 0x90000005
  Authorized         : TRUE
  Session timeout    : 1800
  Common Session ID: 000000000000000B14E9130A
  Acct Session ID  : 0x0000000c
  Last Tried Aaa Server Details:
        Server IP : 9.10.8.247
  Auth Method Status List
        Method : Dot1x
                SM State         : AUTHENTICATED
                SM Bend State    : IDLE
  Local Policies:
        Service Template : wlan_svc_default-policy-profile (priority 254)
                VLAN             : 1
  Server Policies:
                Absolute-Timer   : 1800
  Resultant Policies:
                VLAN Name        : default
                VLAN             : 1
                Absolute-Timer   : 1800