Flexible authentication accounting

When 802.1X or MAC authentication is enabled on the ICX device, RADIUS accounting can also be enabled. This feature enables the ICX device to log information on the RADIUS server about 802.1X- authenticated clients or MAC-authenticated clients. The information logged on the RADIUS server includes the client session ID, MAC address, user name, authenticating physical port, packet statistics, client IP address information, and so on. Flexible authentication accounting works as follows.

  1. A RADIUS server successfully authenticates a client.
  2. If 802.1X accounting or MAC authentication accounting is enabled, the ICX device sends an 802.1X Accounting Start packet to the RADIUS server, indicating the start of a new session.
  3. The RADIUS server acknowledges the Accounting Start packet.
  4. The RADIUS server records information about the client.
  5. Periodically or whenever a change occurs in the session, such as an IP address update, the ICX device sends an Interim Accounting Stop packet to the RADIUS server.
  6. The RADIUS server acknowledges the Interim Accounting Stop packet.
  7. When the session is concluded, the ICX device sends an Accounting Stop packet to the RADIUS server, indicating the end of the session.
  8. The RADIUS server acknowledges the Accounting Stop packet.

For more information, refer to RADIUS accounting for 802.1X authentication and MAC authentication.