Interim Accounting Messages; Activating Radius Accounting; Radius Accounting Security; Radius Accounting And High Availability - D-Link NetDefend DFL-210 User Manual

Network security firewall ver 2.26.01
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

2.3.3. Interim Accounting Messages

2.3.3. Interim Accounting Messages
In addition to START and STOP messages NetDefendOS can optionally periodically send Interim
Accounting Messages to update the accounting server with the current status of an authenticated
user. An Interim Accounting Message can be seen as a snapshot of the network resources that an
authenticated user has used up until a given point. With this feature, the RADIUS server can track
how many bytes and packets an authenticated user has sent and received up until the point when the
last message was sent.
An Interim Accounting Message contains the current values of the statistics for an authenticated
user. It contains more or less the same parameters as found in an AccountingRequest Stop message,
except that the Acct-Terminate-Cause is not included (as the user has not disconnected yet).
The frequency of Interim Accounting Messages can be specified either on the authentication server,
or in NetDefendOS. Switching on the setting in NetDefendOS will override the setting on the
accounting server.

2.3.4. Activating RADIUS Accounting

In order to activate RADIUS accounting a number of steps must be followed:
The RADIUS accounting server must be specified.
A user authentication object must have a rule associated with it where a RADIUS server is
specified.
Some important points should be noted about activation:
RADIUS Accounting will not function where a connection is subject to a FwdFast rule in the IP
rule set.
The same RADIUS server does not need to handle both authentication and accounting; one
server can be responsible for authentication while another is responsible for accounting tasks.
Multiple RADIUS servers can be configured in NetDefendOS to deal with the event when the
primary server is unreachable.

2.3.5. RADIUS Accounting Security

Communication between NetDefendOS and any RADIUS accounting server is protected by the use
of a shared secret. This secret is never sent over the network but instead a 16 byte long
Authenticator code is calculated using a one way MD5 hash function and this is used to authenticate
accounting messages.
The shared secret is case sensitive, can contain up to 100 characters, and must be typed exactly the
same for NetDefendOS and for the RADIUS server.
Messages are sent using the UDP protocol and the default port number used is 1813 although this is
user configurable.

2.3.6. RADIUS Accounting and High Availability

In an HA cluster, accounting information is synchronized between the active and passive NetDefend
Tip: The meaning of the asterisk after a list entry
The asterisk "*" symbol after an entry in the list above indicates that the sending of the
parameter is optional and is configurable.
Chapter 2. Management and Maintenance
60

Advertisement

Table of Contents
loading

Table of Contents