Good Afternoon,
I'm in the process of implementing RADIUS AAA for our 400-odd ProCurve installation. I have successfully managed to get all parts of this working, although I have noticed an issue which isn't terminal but is annoying.
The switch sends an Access-Request, the identification information is verified and our RADIUS server sends back Access-Accept. So far so good, at this point the user is logged into the switch and they can configure it.
With "aaa accounting exec/system/network start-stop radius" (I don't recall which one exactly) I then see an Accounting-Request from the switch and we acknowledge with an Accounting-Response.
All fine and happy, I also noticed that we have "aaa accounting commands stop-only radius". With this option another Accounting-Request is sent for every command that is entered, which again is good.
However, an Accounting-Request caused by "aaa accounting commands" does not match the Acct-Session-Id that was created by the login, and in fact it increments by one each time a command is "accounted".
Is this common? Has anyone else seen this issue? I'm testing this on a 2650 running H.10.50. My RADIUS config is below.
Many thanks for any info!
Peter.
aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa accounting update periodic 5
aaa accounting network start-stop radius
aaa accounting exec start-stop radius
aaa accounting system start-stop radius
aaa accounting commands stop-only radius
radius-server key xxx
radius-server host 192.168.0.1
radius-server host 192.168.0.2
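
Added example, not part of the original post: one way a RADIUS log consumer can tie per-command accounting records back to the login that produced them when the Acct-Session-Id values differ, by matching on NAS address and user name between a login's Start and Stop. The records and field names are constructed, and it is an assumption (not confirmed by the post) that command records carry the same User-Name and NAS-IP-Address as the login.

```python
from collections import defaultdict

# Constructed sample records, not captured from a real switch.
# "type" is Acct-Status-Type, "sid" is Acct-Session-Id, "ts" is seconds.
RECORDS = [
    {"ts": 100, "nas": "192.0.2.5", "user": "peter", "type": "Start", "sid": "0001"},
    {"ts": 110, "nas": "192.0.2.5", "user": "peter", "type": "Stop", "sid": "0002"},
    {"ts": 120, "nas": "192.0.2.5", "user": "peter", "type": "Stop", "sid": "0003"},
    {"ts": 125, "nas": "192.0.2.5", "user": "peter", "type": "Interim-Update", "sid": "0001"},
    {"ts": 130, "nas": "192.0.2.5", "user": "peter", "type": "Stop", "sid": "0001"},
    {"ts": 140, "nas": "192.0.2.5", "user": "peter", "type": "Stop", "sid": "0004"},
    # Two concurrent logins by the same user on another switch.
    {"ts": 200, "nas": "192.0.2.6", "user": "ops", "type": "Start", "sid": "0010"},
    {"ts": 205, "nas": "192.0.2.6", "user": "ops", "type": "Start", "sid": "0011"},
    {"ts": 210, "nas": "192.0.2.6", "user": "ops", "type": "Stop", "sid": "0012"},
]

def correlate(records):
    """Attach stop-only command records to the open login on the same NAS/user.

    Returns (by_login, ambiguous, orphans):
      by_login  - login Acct-Session-Id -> list of command Acct-Session-Ids
      ambiguous - command ids seen while several logins were open for that NAS/user
      orphans   - command ids seen with no open login (worth an alert)
    """
    open_logins = defaultdict(list)  # (nas, user) -> open login session ids
    by_login, ambiguous, orphans = {}, [], []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        key = (r["nas"], r["user"])
        if r["type"] == "Start":
            open_logins[key].append(r["sid"])
            by_login.setdefault(r["sid"], [])
        elif r["type"] == "Stop":
            if r["sid"] in open_logins[key]:
                open_logins[key].remove(r["sid"])      # Stop closing a login
            elif len(open_logins[key]) == 1:
                by_login[open_logins[key][0]].append(r["sid"])
            elif open_logins[key]:
                ambiguous.append(r["sid"])             # cannot pick one login
            else:
                orphans.append(r["sid"])               # command with no login
        # Interim-Update records reuse the login's id and need no correlation.
    return by_login, ambiguous, orphans

if __name__ == "__main__":
    print(correlate(RECORDS))
```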