Configuration Guide Vol. 2


8.3.7 Account function

The Switch uses the accounting functionality described below to record the results of authentication operations.

(1) Account log

Web authentication accounting logs contain information about the use of Web authentication services on the Switch. You can display the log information by using the show web-authentication logging operation command. The following table describes the events recorded as accounting log information.

Table 8-2: Authentication results output

| Event | Time | User ID | IP addresses | MAC addresses | VLAN ID | Port No. | Message |
|---|---|---|---|---|---|---|---|
| Login succeeded | OK | OK | # #1 | OK | # #1 | # | Successful authentication message |
| Logout | OK | OK | # | OK #2 | # | # | Authentication status cleared message |
| Login failed | OK | OK | OK #2 | OK #2 | OK #2 | # #2 | Reason for failure message |
| Forced logout | OK | OK | # #2 | OK #2 | OK #2 | # #2 | Authentication forcibly cleared message |

Legend

OK: Output in fixed VLAN mode, dynamic VLAN mode, and legacy mode.

#: Output in fixed VLAN mode and dynamic VLAN mode.

#1: In dynamic VLAN mode, the IP address displayed in the event of a successful authentication is that of the terminal prior to authentication. The VLAN ID is that of the post-authentication VLAN.

#2: Depending on the message, the IP address or other information might not be output.

The Switch can store a maximum of 2100 lines of Web authentication accounting log information. Upon reaching this limit, the Switch starts overwriting the existing accounting information, beginning with the oldest entries.

(2) Recording to the accounting feature of the RADIUS server

You can enable the accounting feature for the RADIUS server by using the aaa accounting web-authentication default start-stop group radius configuration command. The following information is recorded:

(3) Logging by the RADIUS server (function of the RADIUS server)

If you are using RADIUS authentication, the accounting feature of the RADIUS server records the success or failure of authentication attempts. Note that the information that is recorded differs depending on the RADIUS server implementation. For details, see the documentation for the RADIUS server deployed in your network.

(4) Logging Operations to syslog Servers

You can output the operation logs for Web authentication to a syslog server. These operation logs include the Web authentication accounting logs. The following figure shows the format of log output to the syslog server.

Figure 8-15: Format for syslog servers

[Figure Data]

You can start and stop output to syslog by using the web-authentication logging enable and logging event-kind aut configuration commands.