Accounting assistance
Timothy M Butterworth
timothy.m.butterworth at gmail.com
Mon Apr 28 02:45:32 UTC 2025
Hello,
I am trying to set up accounting to log commands entered into a switch.
What log file will FreeRADIUS log the accounting commands to?
Here is my config:
Cisco 3550-EMI
username tmb privilege 15 secret 5 <Removed>
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated local
aaa accounting exec default start-stop group radius
aaa accounting commands 1 default stop-only group radius
aaa session-id common
ip radius source-interface Vlan60
radius-server host 10.0.0.1 auth-port 1812 acct-port 1813
radius-server key 7 <Removed>
FreeRADIUS Config:
### Configure listening IP Socket
sudo vim /usr/lib/systemd/system/freeradius.service
ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS -i 10.0.0.1 -p 1812-1813
# Define Listening socket
sudo vim /etc/freeradius/3.0/radiusd.conf
listen {
ipv4addr = 10.0.0.1,
port = 1812,
type = auth
}
listen {
ipv4addr = 10.0.0.1,
port = 1813,
type = acct
}
### Free RADIUS Configuration
sudo vim /etc/freeradius/3.0/clients.conf
client 10.0.0.0/8 {
ipv4addr = 10.0.0.0/8
secret = FreeRadiusSecret#1
nastype = cisco
shortname = Butter.net
}
### FreeRADIUS User Config
sudo vim /etc/freeradius/3.0/users
tmb Cleartext-Password := "620978"
Service-Type = NAS-Prompt-User,
Cisco-AVPair = "shell:priv-lvl=15"
# FreeRADIUS group config
DEFAULT Group == "cisco-rw"
Service-Type = NAS-Prompt-User,
Cisco-AVPair == 'shell:priv-lvl=15',
User-Name = tmb
I see that both sockets have been bound:
netstat -l -n | grep 181
udp 0 0 10.0.0.1:1812 0.0.0.0:*
udp 0 0 10.0.0.1:1813 0.0.0.0:*
I have AAA and RADIUS debugging enabled but it is not showing me anything.
Core-3550-EMI-1#show debugging
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 22:34:52.993 Eastern Sun Apr 27 2025
General OS:
AAA Accounting debugging is on
Radius protocol debugging is on
Radius packet protocol (accounting) debugging is on
show log:
000621: Apr 27 22:34:09.147 Eastern: AAA/ACCT/EXEC(00000006): Pick method list 'default'
000622: Apr 27 22:34:09.147 Eastern: AAA/ACCT/SETMLIST(00000006): Handle 0, mlist 0250E700, Name default
000623: Apr 27 22:34:09.147 Eastern: Getting session id for EXEC(00000006) : db=23DA658
000624: Apr 27 22:34:09.147 Eastern: AAA/ACCT/EXEC(00000006): add, count 2
000625: Apr 27 22:34:09.147 Eastern: AAA/ACCT/EVENT/(00000006): EXEC UP
000626: Apr 27 22:34:09.151 Eastern: AAA/ACCT/EXEC(00000006): Queueing record is START
000627: Apr 27 22:34:09.151 Eastern: AAA/ACCT(00000006): Accounting method=radius (RADIUS)
000663: Apr 27 22:34:28.107 Eastern: AAA/ACCT/EXEC(00000006): START protocol reply FAIL
000664: Apr 27 22:34:28.107 Eastern: AAA/ACCT(00000006): Accounting method=NOT_SET
000631: Apr 27 22:34:09.151 Eastern: RADIUS/ENCODE: Best Local IP-Address 10.1.1.1 for Radius-Server 10.0.0.1
000632: Apr 27 22:34:09.151 Eastern: RADIUS(00000006): Send Accounting-Request to 10.0.0.1:1813 id 1646/11, len 90
000633: Apr 27 22:34:09.151 Eastern: RADIUS: authenticator 3A F3 6C 4B 06 17 9B 41 - 77 74 DB 8A 2E 94 2D 6C
000634: Apr 27 22:34:09.151 Eastern: RADIUS: Acct-Session-Id [44] 10 "00000006"
000635: Apr 27 22:34:09.151 Eastern: RADIUS: User-Name [1] 5 "tmb"
000636: Apr 27 22:34:09.151 Eastern: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
000637: Apr 27 22:34:09.155 Eastern: RADIUS: Acct-Status-Type [40] 6 Start [1]
000638: Apr 27 22:34:09.155 Eastern: RADIUS: NAS-Port [5] 6 0
000639: Apr 27 22:34:09.155 Eastern: RADIUS: NAS-Port-Id [87] 6 "tty0"
000640: Apr 27 22:34:09.155 Eastern: RADIUS: NAS-Port-Type [61] 6 Async [0]
000641: Apr 27 22:34:09.155 Eastern: RADIUS: Calling-Station-Id [31] 7 "async"
000642: Apr 27 22:34:09.155 Eastern: RADIUS: Service-Type [6] 6 NAS Prompt [7]
000643: Apr 27 22:34:09.155 Eastern: RADIUS: NAS-IP-Address [4] 6 10.1.1.1
000644: Apr 27 22:34:09.155 Eastern: RADIUS: Acct-Delay-Time [41] 6 0
000645: Apr 27 22:34:09.155 Eastern: RADIUS(00000006): Started 5 sec timeout
000646: Apr 27 22:34:13.771 Eastern: RADIUS(00000006): Request timed out
000647: Apr 27 22:34:13.771 Eastern: RADIUS: acct-delay-time for 800043CC (at 80004420) now 4
000648: Apr 27 22:34:13.771 Eastern: RADIUS: Retransmit to (10.0.0.1:1812,1813) for id 1646/11
000649: Apr 27 22:34:13.771 Eastern: RADIUS(00000006): Started 5 sec timeout
000650: Apr 27 22:34:18.795 Eastern: RADIUS(00000006): Request timed out
000651: Apr 27 22:34:18.795 Eastern: RADIUS: acct-delay-time for 800043CC (at 80004420) now 9
000652: Apr 27 22:34:18.795 Eastern: RADIUS: Retransmit to (10.0.0.1:1812,1813) for id 1646/11
000653: Apr 27 22:34:18.795 Eastern: RADIUS(00000006): Started 5 sec timeout
000654: Apr 27 22:34:23.403 Eastern: RADIUS(00000006): Request timed out
000655: Apr 27 22:34:23.403 Eastern: RADIUS: acct-delay-time for 800043CC (at 80004420) now 14
000656: Apr 27 22:34:23.403 Eastern: RADIUS: Retransmit to (10.0.0.1:1812,1813) for id 1646/11
000657: Apr 27 22:34:23.403 Eastern: RADIUS(00000006): Started 5 sec timeout
000658: Apr 27 22:34:28.107 Eastern: RADIUS(00000006): Request timed out
000659: Apr 27 22:34:28.107 Eastern: RADIUS: acct-delay-time for 800043CC (at 80004420) now 18
000660: Apr 27 22:34:28.107 Eastern: RADIUS: No response from (10.0.0.1:1812,1813) for id 1646/11
000661: Apr 27 22:34:28.107 Eastern: RADIUS/DECODE: parse response no app start; FAIL
000662: Apr 27 22:34:28.107 Eastern: RADIUS/DECODE: parse response; FAIL
000765: Apr 27 22:43:56.532 Eastern: RADIUS: acct-delay-time for 80002DEC (at 80002E40) now 4
000766: Apr 27 22:43:56.532 Eastern: RADIUS: Retransmit to (10.0.0.1:1812,1813) for id 1646/13
000767: Apr 27 22:43:56.532 Eastern: RADIUS(00000007): Started 5 sec timeout
Any ideas are appreciated!
Thanks
Tim
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀
More information about the Freeradius-Users mailing list
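
Added example, not part of the original post: a Python sketch that rebuilds the Accounting-Request (Start) listed in the switch debug output above and applies the RFC 2866 Request Authenticator check a RADIUS server performs with its configured client secret. The attribute values and the packet id 11 are taken from the debug lines; the function names and the secret strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

def attr(code, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([code, len(value) + 2]) + value

def u32(n):
    """Encode a 32-bit integer attribute value in network byte order."""
    return struct.pack("!I", n)

def build_acct_start(pkt_id, secret, delay=0):
    """Rebuild the Accounting-Request (Start) listed in the switch debug output."""
    attrs = b"".join([
        attr(44, b"00000006"),                  # Acct-Session-Id
        attr(1, b"tmb"),                        # User-Name
        attr(45, u32(1)),                       # Acct-Authentic = RADIUS
        attr(40, u32(1)),                       # Acct-Status-Type = Start
        attr(5, u32(0)),                        # NAS-Port
        attr(87, b"tty0"),                      # NAS-Port-Id
        attr(61, u32(0)),                       # NAS-Port-Type = Async
        attr(31, b"async"),                     # Calling-Station-Id
        attr(6, u32(7)),                        # Service-Type = NAS Prompt
        attr(4, socket.inet_aton("10.1.1.1")),  # NAS-IP-Address
        attr(41, u32(delay)),                   # Acct-Delay-Time
    ])
    # Code 4 = Accounting-Request; the length covers the 20-octet header too.
    header = struct.pack("!BBH", 4, pkt_id, 20 + len(attrs))
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def authenticator_ok(packet, secret):
    """Server-side check: recompute the digest with the locally configured secret."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    nas_secret = b"constructed-secret-A"  # constructed: key configured on the NAS
    pkt = build_acct_start(11, nas_secret)
    print("length:", len(pkt))  # same length the debug output reports
    print("same secret on server :", authenticator_ok(pkt, nas_secret))
    print("other secret on server:", authenticator_ok(pkt, b"constructed-secret-B"))
```

RFC 2866 requires a server to silently discard an Accounting-Request whose authenticator does not verify, so the NAS only ever sees timeouts in that case. Because Acct-Delay-Time is inside the hashed data, each retransmission that updates it carries a different authenticator.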