D-Link DFL-210-WCF-12 Product Manual - Page 62
Interim Accounting Messages, 2.3.4. Activating RADIUS Accounting
UPC - 790069601545
View all D-Link DFL-210-WCF-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 62 highlights
2.3.3. Interim Accounting Messages Chapter 2. Management and Maintenance Tip: The meaning of the asterisk after a list entry The asterisk "*" symbol after an entry in the list above indicates that the sending of the parameter is optional and is configurable. 2.3.3. Interim Accounting Messages In addition to START and STOP messages NetDefendOS can optionally periodically send Interim Accounting Messages to update the accounting server with the current status of an authenticated user. An Interim Accounting Message can be seen as a snapshot of the network resources that an authenticated user has used up until a given point. With this feature, the RADIUS server can track how many bytes and packets an authenticated user has sent and received up until the point when the last message was sent. An Interim Accounting Message contains the current values of the statistics for an authenticated user. It contains more or less the same parameters as found in an AccountingRequest Stop message, except that the Acct-Terminate-Cause is not included (as the user has not disconnected yet). The frequency of Interim Accounting Messages can be specified either on the authentication server, or in NetDefendOS. Switching on the setting in NetDefendOS will override the setting on the accounting server. 2.3.4. Activating RADIUS Accounting In order to activate RADIUS accounting a number of steps must be followed: • The RADIUS accounting server must be specified. • A user authentication object must have a rule associated with it where a RADIUS server is specified. Some important points should be noted about activation: • RADIUS Accounting will not function where a connection is subject to a FwdFast rule in the IP rule set. • The same RADIUS server does not need to handle both authentication and accounting; one server can be responsible for authentication while another is responsible for accounting tasks. • Multiple RADIUS servers can be configured in NetDefendOS to deal with the event when the primary server is unreachable. 2.3.5. RADIUS Accounting Security Communication between NetDefendOS and any RADIUS accounting server is protected by the use of a shared secret. This secret is never sent over the network but instead a 16 byte long Authenticator code is calculated using a one way MD5 hash function and this is used to authenticate accounting messages. The shared secret is case sensitive, can contain up to 100 characters, and must be typed exactly the same for NetDefendOS and for the RADIUS server. Messages are sent using the UDP protocol and the default port number used is 1813 although this is user configurable. 2.3.6. RADIUS Accounting and High Availability In an HA cluster, accounting information is synchronized between the active and passive NetDefend 62