Hello once again,<br>
<br>
<br>
Thank you for your help in resolving this problem. I have counters
increasing now after defining Max-Daily-Session for DEFAULT user in the
users file like below and adding the line aaa accounting dot1x default
start-stop group radius suggested by Alan Buxey to config on my Cisco 2960 switch NAS.<br>
<br>DEFAULT Service-Type == Login-User<br>
Framed-IP-Address = 255.255.255.254,<br>
Framed-MTU = 576,<br>
Max-Daily-Session = 240,<br>
<br>
I found the following in the log<br><br>
### Debug log ###<br>
rlm_counter: Entering module authorize code<br>
rlm_counter: Searching the database for key 'clare'<br>
rlm_counter: Key Found.<br>
rlm_counter: Check item = 240, Count = 2386<br>
rlm_counter: Rejected user clare, check_item=240, counter=2386<br>
modcall[authorize]: module "daily" returns reject for request 0<br>
modcall: leaving group authorize (returns reject) for request 0<br>
Invalid user (rlm_counter: Maximum hourly usage time reached): [clare]
(from client C2960_NOC_LAN1 port 50009 cli 00-1E-33-D5-7A-68)<br>
Delaying request 0 for 1 seconds<br>
Finished request 0<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 1 seconds...<br>
--- Walking the entire request list ---<br>
Waking up in 1 seconds...<br>
--- Walking the entire request list ---<br>
Sending Access-Reject of id 230 to 10.1.5.4 port 1645<br>
Reply-Message = "Your maximum hourly usage time has been reached"<br><br><br>I realise user clare is rejected only when user login after cable is unplugged and plugged back into the computer. What it means is that when a user login and is granted access, user's counter keeps increasing beyond the Max-Daily-Session until cable is unplugged from the computer.When cable is plugged back into the computer and user is prompted to login, user is rejected because he/she has exceeded the maximum daily session. <br>
<br>What I want to achieve is to get user session disconnected/timeout automatically while cable is still plugged in and user reaching his/her maximum daily session set for the day. I hope it is possible to do :)<br><br>I have the following config on my NAS- Cisco 2960 switch<br>
<br>aaa authentication login default group radius local<br>aaa authentication dot1x default group radius<br>aaa authorization exec default group radius if-authenticated<br>aaa authorization network default group radius<br>
aaa accounting suppress null-username<br>aaa accounting session-duration ntp-adjusted<br>aaa accounting update newinfo periodic 1<br>aaa accounting dot1x default start-stop group radius<br>aaa accounting exec default start-stop group radius<br>
aaa accounting network default start-stop group radius<br>aaa accounting connection default start-stop group radius<br>aaa accounting resource default start-stop-failure group radius<br><br>interface FastEthernet0/9<br>switchport access vlan 6<br>
switchport mode access<br>authentication host-mode multi-auth<br>authentication port-control auto<br>authentication periodic<br>authentication timer reauthenticate 60<br>authentication violation protect<br>dot1x pae both<br>
dot1x max-req 3<br>spanning-tree portfast<br>