RADIUS Attributes Configuration Guide Cisco IOS XE Release 3S
RADIUS Attribute 55 Event-Timestamp
Downloads: This chapterpdf (PDF - 1.2MB) The complete bookPDF (PDF - 3.0MB) | The complete bookePub (ePub - 380.0KB) | Feedback

RADIUS Attribute 55 Event-Timestamp

RADIUS Attribute 55 Event-Timestamp

The RADIUS Attribute 55 Event-Timestamp feature allows a network access server (NAS) to insert an event time-stamp attribute in accounting and authentication packets that are sent to the RADIUS server with or without Network Time Protocol (NTP) synchronization.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for RADIUS Attribute 55 Event-Timestamp

Before the Event-Timestamp attribute can be sent in accounting and authentication request packets, you must configure the clock on the network device. For information about setting the clock on your network device, see the “Performing Basic System Management” section in the “Basic System Management” chapter of Network Management Configuration Guide.

To avoid configuring the clock on the network device every time the network device is reloaded, you can enable the clock calendar-valid command. For information about this command, see the “Setting Time and Calendar Services” section in the “Basic System Management” chapter of Network Management Configuration Guide.

Information About RADIUS Attribute 55 Event-Timestamp

When a network device dials in to a network access server (NAS) that is configured for RADIUS authentication, the NAS begins the process of contacting the RADIUS server in preparation for user authentication. Typically, the RADIUS attribute 55 (Event-Timestamp) is not communicated to the RADIUS server until after a successful Network Time Protocol (NTP) synchronization. This feature enables a NAS to insert the Event-Timestamp attribute in accounting and authentication request packets even if NTP synchronization does not happen.

The Event-Timestamp attribute records the time at which the event occurred on the NAS. This times tamp is sent in seconds in RADIUS attribute 55 since January 1, 1970 00:00 UTC.

The Event-Timestamp attribute is saved in memory on the NAS for the life of the session. The RADIUS accounting and authentication start packet, all subsequent accounting and authentication packets, updates (if configured), and stop packets also include the same RADIUS attribute 55 Event-Timestamp representing the time at which the original packet was sent.

How to Configure RADIUS Attribute 55 Event-Timestamp

Configuring RADIUS Attribute 55 Event-Timestamp

Perform this task to send RADIUS attribute 55 in accounting and authentication requests.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    aaa new-model

    4.    aaa authentication ppp default group radius

    5.    aaa accounting network default start-stop group radius

    6.    radius-server host ip-address

    7.    radius-server attribute 55 include-in-acct-req

    8.    radius-server attribute 55 access-req include

    9.    exit


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Device> enable
    
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal
    
     

    Enters global configuration mode.

     
    Step 3 aaa new-model


    Example:
    Device(config)# aaa new-model
    
     

    Enables authentication, authorization, and accounting (AAA).

     
    Step 4 aaa authentication ppp default group radius


    Example:
    Device(config)# aaa authentication ppp default group radius
    
     

    Specifies one or more AAA methods for use on serial interfaces that run PPP using the list of all RADIUS servers for authentication.

     
    Step 5 aaa accounting network default start-stop group radius


    Example:
    Device(config)# aaa accounting network default start-stop group radius
    
     

    Enables network accounting and sends start and stop accounting notices for the RADIUS accounting method list to the RADIUS server.

     
    Step 6 radius-server host ip-address


    Example:
    Device(config)# radius-server host 192.0.2.3
    
     

    Specifies the IP address of the RADIUS server host.

     
    Step 7 radius-server attribute 55 include-in-acct-req


    Example:
    Device(config)# radius-server attribute 55 include-in-acct-req
    
     

    Sends RADIUS attribute 55 in account-request packets.

     
    Step 8 radius-server attribute 55 access-req include


    Example:
    Device(config)# radius-server attribute 55 access-req include
    
     

    Sends RADIUS attribute 55 in access-request packets.

     
    Step 9 exit


    Example:
    Device(config)# exit
    
     

    Exits global configuration mode.

     

    Verifying RADIUS Attribute 55 Event-Timestamp

    Perform this task to verify that RADIUS attribute 55 is sent in accounting and authentication packets.

    SUMMARY STEPS

      1.    enable

      2.    show running-config

      3.    debug radius


    DETAILED STEPS
      Step 1   enable

      Enables privileged EXEC mode.

      • Enter your password if prompted.


      Example:
      Device> enable
      

      Step 2   show running-config

      Displays the contents of the current running configuration file.



      Example:
      Device# show running-config
      
      .
      .
      .
      aaa group server radius sample
      aaa accounting network default start-stop group radius group sample
      aaa server radius dynamic-author
      radius-server attribute 55 include-in-acct-req
      radius-server attribute 55 access-request include
      radius-server dead-criteria time 10 tries 3
      radius-server host 192.0.2.3
      radius-server retry method reorder
      radius-server retransmit 2
      radius-server deadtime 1
      radius-server key rad123
      radius server host
      .
      .
      .
      radius-server attribute 55 include-in-acct-req
      radius-server attribute 55 access-request include
      

      Step 3   debug radius

      Displays information associated with RADIUS. The output of this command shows whether attribute 55 is being sent in accounting and authentication requests.



      Example:
      Device# debug radius
      
      AAA/BIND(0000000D): Bind i/f Virtual-Template1
      AAA/AUTHEN/PPP (0000000D): Pick method list 'default'
      RADIUS/ENCODE(0000000D):Orig. component type = PPPoE
      RADIUS: DSL line rate attributes successfully added
      RADIUS(0000000D): Config NAS IP: 0.0.0.0
      RADIUS(0000000D): Config NAS IPv6: ::
      RADIUS/ENCODE(0000000D): acct_session_id: 2
      RADIUS(0000000D): sending
      RADIUS/ENCODE: Best Local IP-Address 192.0.2.3 for Radius-Server 192.0.2.1
      RADIUS(0000000D): Sending a IPv4 Radius Packet
      RADIUS(0000000D): Send Access-Request to 192.0.2.1:1645 id 1645/1,len 130
      RADIUS:  authenticator 66 D8 24 42 BC 45 5B 3D - 0E DC 74 D7 E9 3D 81 85
      RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
      RADIUS:  User-Name           [1]   6   "test"
      RADIUS:  User-Password       [2]   18  *
      RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
      RADIUS:  NAS-Port            [5]   6   0
      RADIUS:  NAS-Port-Id         [87]  9   "0/0/0/0"
      RADIUS:  Vendor, Cisco       [26]  41
      RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=aabb.cc00.6500"
      RADIUS:  Service-Type        [6]   6   Framed                    [2]
      RADIUS:  NAS-IP-Address      [4]   6   1.1.1.2
      RADIUS:  Event-Timestamp     [55]  6   1362041578
      RADIUS(0000000D): Started 5 sec timeout
      RADIUS: Received from id 1645/192.0.2.1:1645, Access-Accept, len 20
      .
      .
      .
      RADIUS:  authenticator 2A 2B 24 47 06 44 23 8A - CB CC 8C 96 8D 21 76 DD
      RADIUS(0000000D): Received from id 1645/1
      AAA/BIND(0000000D): Bind i/f Virtual-Access2.1
      RADIUS/ENCODE(0000000D):Orig. component type = PPPoE
      .
      .
      .
      RADIUS(0000000D): Config NAS IP: 0.0.0.0
      RADIUS(0000000D): Config NAS IPv6: ::
      RADIUS(0000000D): sending
      RADIUS/ENCODE: Best Local IP-Address 192.0.2.3 for Radius-Server 192.0.2.1
      RADIUS(0000000D): Sending a IPv4 Radius Packet
      RADIUS(0000000D): Send Accounting-Request to 192.0.2.1:1646 id 1646/1,len 182
      RADIUS:  authenticator C6 81 D0 D7 EA BA 9A A9 - 19 4B 1B 90 B8 D1 66 BF
      RADIUS:  Acct-Session-Id     [44]  10  "00000002"
      RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
      RADIUS:  User-Name           [1]   6   "test"
      RADIUS:  Vendor, Cisco       [26]  32
      RADIUS:   Cisco AVpair       [1]   26  "connect-progress=Call Up"
      RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
      RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
      RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
      RADIUS:  NAS-Port            [5]   6   0
      RADIUS:  NAS-Port-Id         [87]  9   "0/0/0/0"
      RADIUS:  Vendor, Cisco       [26]  41
      RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=aabb.cc00.6500"
      RADIUS:  Service-Type        [6]   6   Framed                    [2]
      RADIUS:  NAS-IP-Address      [4]   6   1.1.1.2
      RADIUS:  home-hl-prefix      [151] 10  "163BD6D4"
      RADIUS:  Event-Timestamp     [55]  6   1362041588
      RADIUS:  Acct-Delay-Time     [41]  6   0
      RADIUS(0000000D): Started 5 sec timeout
      .
      .
      .
      RADIUS: Received from id 1646/1 1.1.1.1:1646, Accounting-response, len 20
      RADIUS:  authenticator 79 F1 6A 38 07 C3 C8 F9 - 96 66 BE EF 5C FA 91 E6
      


      Configuration Example for RADIUS Attribute 55 Event-Timestamp

      Example: RADIUS Attribute 55 in Accounting and Authentication Packets

      The following example shows a configuration that sends RADIUS attribute 55 in accounting and authentication packets:

      Device> enable
      Device# configure terminal
      Device(config)# aaa new-model
      Device(config)# aaa authentication ppp default group radius
      Device(config)# aaa accounting network default start-stop group radius
      Device(config)# radius-server host 192.0.2.3
      Device(config)# radius-server attribute 55 include-in-acct-req
      Device(config)# radius-server attribute 55 access-req include
      Device(config)# exit
      

      Additional References for RADIUS Attribute 55 Event-Timestamp

      Related Documents

      Related Topic

      Document Title

      Cisco IOS commands

      Cisco IOS Master Command List, All Releases

      Security commands

      Configuring Authentication

      “Configuring Authentication” chapter in Authentication, Authorization, and Accounting Configuration Guide

      Configuring RADIUS

      “Configuring RADIUS” chapter in RADIUS Configuration Guide

      Standards and RFCs

      Standard/RFC

      Title

      RFC 2138

      Remote Authentication Dial In User Service (RADIUS)

      Technical Assistance

      Description

      Link

      The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

      Feature Information for RADIUS Attribute 55 Event-Timestamp

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

      Table 1 Feature Information for RADIUS Attribute 55 Event-Timestamp

      Feature Name

      Releases

      Feature Information

      RADIUS Attribute 55 Event-Timestamp

      Cisco IOS XE Release 3.9S

      The RADIUS Attribute 55 Event-Timestamp feature allows a network access server (NAS) to insert an event time-stamp attribute in accounting and authentication packets sent to the RADIUS server with or without Network Time Protocol (NTP) synchronization.

      The following commands were introduced or modified: radius-server attribute 55 access-req include and radius-server attribute 55 include-in-acct-req.