Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE 17.14.x

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: April 5, 2024

Chapter: RADIUS Accounting

RADIUS Accounting
RADIUS accounting of AP events
Configure accounting method-list for an AP profile
Verify the AP accounting information
AAA Accounting
- Configure AAA accounting using default method list (CLI)
- Configure HTTP command accounting using named method list (CLI)
Feature History for Device Ecosystem Data
Information About Device Ecosystem Data
Enable Device Ecosystem Data
Verify Device Ecosystem Data

RADIUS Accounting

RADIUS accounting of AP events

RADIUS accounting of AP events is a network monitoring mechanism that

Tracks the status transitions of APs within a wireless controller environment
Records AP join and disjoin events
Provides historical visibility into AP downtime and uptime through accounting messages sent to a RADIUS server.

Feature History

This table provides release and related information for the feature explained in this module.

This feature is also available in all the releases subsequent to the one in which they are introduced in, unless noted otherwise.

Table 1. Feature history table
Feature Name	Release	Description
Device Ecosystem Data	Cisco IOS XE 17.10.1	This feature sends device analytics data that is present in the RADIUS accounting request to Cisco ISE to profile endpoints The command is introduced: dot11-tlv-accounting
Chargeable User Identity in RADIUS Accounting	Cisco IOS XE 17.9.1	Chargeable User Identity (CUI) is a unique identifier for a client visiting a network. This attribute can be used as an alternative for the client’s username as part of the authentication process. The command is introduced: dot11-tlv-accounting
Improved Logging in RADIUS Accounting	Cisco IOS XE 17.1.1	Prior to Cisco IOS XE Amsterdam 17.1.1 release, the controller did not send accounting messages for AP join and disjoin events during network issues. From Cisco IOS XE Amsterdam 17.1.1 Release and later, the RADIUS server keeps a record of all APs that were down and have come up.

Configure accounting method-list for an AP profile

Define an accounting method list within an access point (AP) profile to enable or disable accounting for AP operations.

Use this task to specify how accounting is managed for an AP profile on your device. This allows tracking of AP events and assists with auditing and troubleshooting

Before you begin

Identify the AP profile name you want to configure. The default AP profile name is default-ap-profile.
Determine the accounting method list name you wish to apply.

Procedure

Step 1

Enter global configuration mode.

Example:

Device#configure terminal

Step 2

Configures the AP profile. The default AP join profile name is default-ap-profile.

Example:

Device(config)# ap profile ap-profile-name

Step 3

Configures the accounting method list for the AP profile.

Example:

Device(config-ap-profile)# [no] accounting method-list method-list-name

Use the no form of this command to disable the accounting method list.

The system associates the specified accounting method list with the AP profile, enabling or disabling accounting

Verify the AP accounting information

Verify the AP accounting information including MAC address, packets sent, packets received, and the method list.

Device#show wireless stats ap accounting
Base MAC 	     Total packet Send    Total packet Received Methodlist
----------------------------------------------------------------------------------------
00b0.e192.0f20     4 				   3 				abc
38ed.18cc.5788     8 				   8 				ML_M
70ea.1ae0.af08     0 				   0 				ML_A

View the details of a method list that is configured for an AP profile.

Device#show ap profile name Method-list detailed
AP Profile Name               : test-profile
Description                   : 
.
.
.
Method-list name              : Method-list
Packet Sequence Jump DELBA    : ENABLED
Lag status                    : DISABLED
.
Client RSSI Statistics
  Reporting                   : ENABLED
  Reporting Interval          : 30 seconds

AAA Accounting

Configure AAA accounting using default method list (CLI)

Set up command accounting on controller using the default AAA method list.

Use this task to monitor and record user command activity on devices through AAA accounting features

Before you begin

Confirm that AAA is enabled on the device.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Create an accounting method list and enables accounting.

Example:

Device(config)# aaa accounting commands 15 default start-stop group group-name

privilege_level : AAA accounting level. The valid range is from zero to 15.
group-name: AAA accounting group that supports only TACACS+ group.

Step 3

Return to privileged EXEC mode.

Example:

Device(config)# end

The controller records user command activities according to the configured accounting method

Configure HTTP command accounting using named method list (CLI)

Set up command accounting on your device using the default AAA method list.

Use this task to monitor and record user command activity on devices through AAA accounting features.

Before you begin

Use this task to monitor and record user command activity on devices through AAA accounting features.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure HTTP command accounting using the named method list.

Example:

Device(config)# ip http accounting commands 1 oneacct

level: Privilege value from 0 to 15. By default, the command privilege levels available on the controller are:
- 0 : Includes the disable, enable, exit, help, and logout commands.
- 1 : Includes all the user-level commands at the controller prompt (>).
- 15 : Includes all the enable-level commands at the controller prompt (>).
named-accounting-method-list : Name of the predefined command accounting method list.

Step 3

Return to privileged EXEC mode.

Example:

Device(config)# end

The device records user command activities in accordance with the configured accounting method.

Feature History for Device Ecosystem Data

This table provides release and related information for the feature explained in this module.

This feature is also available in all the releases subsequent to the one in which they are introduced in, unless noted otherwise.

Table 2. Feature History for Device Ecosystem Data
Release	Feature	Feature Information
Cisco IOS XE Dublin 17.10.1	Device Ecosystem Data	This feature sends device analytics data in the RADIUS accounting request to Cisco ISE to profile the endpoints.

Information About Device Ecosystem Data

Edge analytics is the process of collecting, processing, and analyzing data from devices in a network. The controller learns about endpoint attributes, such as model number, operating system version, and other information from a set of endpoints using device analytics. The device analytics data is further shared with Cisco Identity Services Engine (ISE) to profile the endpoints. This information sharing is in addition to the DHCP and HTTP attributes already being shared with Cisco ISE using RADIUS accounting messages.

Enable Device Ecosystem Data

Note

Before proceeding with the configuration, ensure that device classifier and accounting features are enabled.

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 2	wireless profile policy `policy-profile-name` Example: `Device(config)# wireless profile policy default-policy-profile`	Configures a wireless policy profile.
Step 3	shutdown Example: `Device(config-wireless-policy)# shutdown`	Disables the wireless policy profile.
Step 4	radius-profiling Example: `Device(config-wireless-policy)# radius-profiling`	Configures client radius profiling.
Step 5	dot11-tlv-accounting Example: `Device(config-wireless-policy)# dot11-tlv-accounting`	Configures the controller to send device analytics data that is found in the RADIUS accounting request to Cisco ISE in order to profile the endpoints. The no form of this command disables the feature.
Step 6	no shutdown Example: `Device(config-wireless-policy)# no shutdown`	Enables the wireless policy profile.
Step 7	end Example: `Device(config-wireless-policy)# end`	Returns to privileged EXEC mode.

Verify Device Ecosystem Data

Use the following command to verify device ecosystem data in RADIUS accounting configuration:

Device# show wireless profile policy detailed <name>

.
.
.
WLAN Local Profiling
  Subscriber Policy Name            : Not Configured
  RADIUS Profiling                  : ENABLED
  HTTP TLV caching                  : DISABLED
  DHCP TLV caching                  : DISABLED
  DOT11 TLV accounting              : ENABLED
.
.
.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)