Setting Up RADIUS Accounting

This chapter discusses how to set up RADIUS accounting. This chapter contains:

What is RADIUS accounting?

Setting up RADIUS accounting

Understanding accounting records

What is RADIUS accounting?

• Start session

  This event denotes the beginning of a session with the MAX. Information about this event appears in an accounting Start record.

• Stop session

  This event denotes the end of a session with the MAX. Information about this event appears in an accounting Stop record.

• Failure-to-start session

  This event denotes that a login attempt has failed. Information about this event appears in an accounting Failure-to-start record.

You can also specify that RADIUS send periodic Checkpoint records during a user's session. If there is a disruption in the network that disconnects active users, you can use these Checkpoint records to reconstruct usage in the absence of accounting Stop records. See Accounting attributes in Checkpoint records for more information.

You can use RADIUS accounting for either of these purposes:

• To gather billing information.

  You can use the information in an accounting record to determine who called, how long the session lasted, and how much traffic occurred during the session.

• To perform troubleshooting of RADIUS and MAX operations.

  Accounting records can contain information about how many login failures occurred, and can describe the characteristics of the failed attempts.

• to determine whether RADIUS accounting is enabled, and the specific time when an accounting server begins operating or is stopped.

usr/adm/radacct/<host>/detail

What kinds of packets does RADIUS accounting use?

• Accounting Start packets, signaling a Start session event

  When the MAX begins a terminal server, bridging, or routing session, and the call passes authentication or the user logs in, the MAX sends an Accounting Start packet to the RADIUS accounting server. This packet describes the type of session being opened and the name of the user opening the session.

  The MAX does not send an Accounting Start packet if a call fails authentication or otherwise fails to log in. In some cases, a session begins with a user login and then authentication follows, such as when a terminal server user chooses PPP or SLIP after login.

  If User-Service=Login-User, or if User-Service is unspecified, the MAX sends an Accounting Start packet after login. Information from an Accounting Start packets appears in a Start record in the log file.

  Note: Set Ethernet > Mod Config > Auth > Framed Addr Start to Yes to direct the MAX to generate a second Start record when a user logs in using the terminal server and starts a PPP session. The second Start records contains the user's Framed-Address and Framed- Protocol attributes.

• Accounting Stop packets, signaling a Stop session or Failure-to-start session event.

  At the end of a session, including cases in which a user fails to authenticate, the MAX sends an Accounting Stop packet. Information from an Accounting Stop packet appears in a Stop record or Failure-to-start record in the log file.

• Failure-to-start packets, indicating that a login attempt has failed. Information from a Failure-to-start packet appears in a call logging Failure-to-start record.

  When the MAX recognizes a call logging event, it sends a call logging request to the call logging server. When the call logging server receives the request, it combines the information into a record and timestamps it. Each type of call logging record contains attributes associated with an event type, and can show the number of packets the MAX transmits and receives, the protocol in use, the user name and IP address of the client, and so on.

  For information on setting up call logging, see Configuring call logging on a system-wide basis.

• Accounting checkpoint packets, sent during an active user session at intervals you specify.

  These enable you to reconstruct information on each user session before a disruption if connectivity is lost before a RADIUS stop record can be sent for the session.

• Ascend-Event-Request packets, signaling the occurence of an event, such as a coldstart.

• Ascend-Event-Response packets, sent in response to an Ascend-Event-Request packet.

Setting up RADIUS accounting

• Install and configure the RADIUS daemon.

• Specify system-wide accounting server parameters.

• Configure system-wide call logging, ifyou plan to send records to a different call logging server than the primary RADIUS accounting server.

• Configure accounting on a per-user basis.

• Use SNMP to specify the primary RADIUS server.

• Configure accounting with dynamic IP addressing

1. Install the most recent Ascend RADIUS daemon, as described in Installing the RADIUS daemon.

2. Add a line to /etc/services file identifying the RADIUS daemon's accounting port.

   For example, you might enter this command line:

   radacct      1646/udp      #radius-accounting
   

   The port number you specify must match the port number indicated by the Acct Port parameter in the Ethernet>Mod Config>Accounting menu, as discussed in step 6. You can use a value other than 1646, as long as the Acct Port setting matches the value.

3. If necessary, create the /usr/adm/radacct directory.

   Or, when starting the daemon, you can use the -a option to specify a different directory in which to store accounting information. The accounting process in the daemon creates a file named detail in /usr/adm/radacct, or in the directory you specify using the -a option. The detail file will contain accounting records.

4. Start the RADIUS daemon with the -A option enabled.

   To start the RADIUS daemon using a flat ASCII file, enter this command line:

   radiusd -A services | incr
   

   When you specify the services argument, the daemon creates the accounting process only if a line defining the UDP port to use for accounting appears in the /etc/services file. Otherwise, daemon does not start.

   When you specify the incr argument, the daemon creates the accounting process with the UDP port specified as the accounting port in the /etc/services file. If you have not defined the port, the daemon increments the UDP port specified for radiusd and uses that port number. This action is the default you do not specify the -A argument.

   To start the RADIUS daemon using a UNIX DBM database, enter this command line:

   radiusd.dbm -A services
   

   You must specify the services argument when you start the daemon in DBM mode.

1. In the MAX configuration interface, open the Ethernet menu.

2. Open the Mod Config menu.

3. Open the Accounting menu.

4. Set Acct=RADIUS.

   This setting indicates that the MAX sends accounting information to the RADIUS server specified by Acct Host #1, Acct Host #2, or Acct Host #3, whichever is available.

5. For each Acct Host parameter, specify the IP address of a RADIUS accounting server.

   You can specify up to three addresses. The MAX first tries to connect to Acct Host #1. If it receives no response within the time specified by the Acct Timeout parameter, it tries to connect to Acct Host #2. If it again receives no response within the time specified by Acct Timeout, it tries to connect to Acct Host #3. If the MAX unit's request again times out, it reinitiates the process with Acct Host #1. The MAX can complete this cycle of requests a maximum of ten times.

   When it successfully connects to an accounting server, the MAX uses that machine until it fails to serve requests. By default, the MAX does not use the first host until the second machine fails, even if the first host has come online while the second host is still servicing requests. However, you can use SNMP to specify that the MAX use the first host again. For details, see Specifying when the MAX uses the primary accounting server.

   You can also specify the same address for all three Acct Host parameters. If you do so, the MAX keeps trying to create a connection to the same server.

6. For the Acct Port parameter, enter the UDP port number you specified for the authentication process of the daemon in /etc/services.

   Or, if you used the incr keyword with the -A option when starting the daemon, specify the number of the UDP port for authentication services + 1.

7. To specify the number of seconds the MAX waits for a response to a RADIUS accounting request, set the Acct Timeout parameter.

   You can specify a value between 1 and 10. The default value is 1.

8. Enter the RADIUS client password in the Acct Key parameter exactly as it appears in the RADIUS clients file.

9. Set the Sess Timer parameter.

   The MAX can report the number of sessions by class to a RADIUS accounting server. The Sess Timer parameter specifies the interval in seconds in which the MAX sends
   session reports. You can specify a number between 0 and 65535.The default value is 0 (zero), which indicates that the MAX does not send reports on session events.

10. To specify whether the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16, set the Acct-ID Base parameter.

    This parameter controls how the MAX presents the Acct-Session-ID attribute to the accounting server. You can specify one of these settings:

    • 10 (decimal) indicates that the numeric base is 10. The default value is 10.

    • 16 (hexadecimal) indicates that the numeric base is 16.

    For example, when you set Acct-ID Base=10, the MAX presents a typical session ID to the accounting server in this way:

    "1234567890"

    When you set Acct-ID Base=16, the MAX presents the same session ID in this way:

    "499602D2"

    Note: Changing the value of Acct-ID Base while sessions are active results in inconsistent reporting between the Start and Stop records.

11. To specify the source port to use for sending a RADIUS accounting request, set the Acct Src Port parameter.

    Specify a port number between 0 and 65535. The default value is 0 (zero). If you accept this value, the Ascend unit can use any port number between 1024 and 2000. You can specify the same source port for authentication and accounting requests.

12. Specify the number of times the MAX sends an accounting request before it gives up in the Acct Max Retry parameter.

    Enter an integer to specify the maximum number of retries permitted. Enter a 0 to disable this feature.

13. Set the Allow Stop Only parameter to specify whether the MAX can send accounting Stop packets that do not contain a username to the RADIUS server.

    Yes allows the MAX to send a Stop packet with no username if a connection is terminated before authentication occurs or if the password supplied by the user if rejected. No prevents the MAX from sending such a Stop packet.

14. Set the Acct Checkpoint parameter to specify the interval at which the MAX sends checkpoint log records for an active user session.

    Enter a number between 0 to 60 to specify the interval in minutes. 0 is the default, and specifies that the MAX send no checkpoint messages.

15. Save your changes.

• Start session. Denotes the beginning of a session with the MAX. Information about this event appears in an logging Start record.

• Stop session. Denotes the end of a session with the MAX. Information about this event appears in a call logging Stop record.

• Failure-to-start session. Denotes that a login attempt has failed. Information about this event appears in a call logging Failure-to-start record.

You can use call logging for either of the following purposes:

• To gather management information. You can use the information in a call logging record to determine who called, how long the session lasted, and how much traffic occurred during the session.

Performing required accounting configuration tasks

• System-wide call logging parameters

• Call Logging port in /etc/services

• Call Logging directory

1. In the External-Auth profile, set Acct-Type =RADIUS.

2. Open the Call Logging subprofile.

3. For each Host #n parameter, specify the IP address of a Call Logging host.

4. For the Dst Port parameter, enter the UDP port number you specified, in /etc/ services, for the authentication process of the daemon. Or, if you used the incr keyword with the -A option when starting the daemon, add 1 to the number of the UDP port for authentication services and enter the sum.

5. For the Key parameter, enter the RADIUS client password, exactly as it appears in the RADIUS clients file.

radacct      1646/udp      #Call Logging

Specifying the call logging directory

Performing optional call logging configuration tasks

• Timeout value

• Numeric base for the session ID

• Call Logging port

Specifying a timeout value

Specifying the numeric base for the session ID

• Acct-Base-10 (decimal) indicates that the numeric base is 10. The default value is 10.

• Acct-Base-16 (hexadecimal) indicates that the numeric base is 16.

"1234567890"

"499602D2"

Specifying the call logging port

Setting up call logging with dynamic IP addressing

To track calls during the authentication period, you must set up one or more IP address pools, as described elsewhere. Then, in the Rad-Auth-Client subprofile of the External-Auth profile, set Auth-Pool=Yes.

When Auth-Pool=Yes, the MAX includes the caller's assigned IP address as the value of the Framed-Address attribute. The MAX allocates this address from pool #1. (If you do not define pool #1, the call does not have an IP address during authentication.) Because an IP assignment is not usually part of an Access-Request, you must modify the RADIUS daemon.

The assigned IP address might not last the duration of the connection, or it might not be meaningful. Here are five possibilities:

• If Assign-Address=No in the IP-Answer subprofile of the Answer-Defaults profile, and the caller's RADIUS user profile does not supply an IP address for the caller, the MAX returns the IP address to pool #1. However, the address continues to appear in call logging entries.

• If Assign-Address=No and the caller's RADIUS user profile supplies an IP address for the caller, the MAX returns the IP address to pool #1. The IP address from the user profile appears in call logging entries.

• If Assign-Address=Yes, and Ascend-Assign-IP-Pool in the RADIUS user profile points to a pool that has no valid IP address, the IP address from pool #1 appears in call logging entries. The MAX returns the address to the pool only when the call disconnects.

• If Assign-Address=Yes and Must-Accept-Address-Assign=Yes on the MAX, and Ascend-Assign-IP-Pool points to a pool that has a valid IP address, the IP address from that pool appears in call logging entries for the duration of the call. The MAX returns the address to the pool when the call disconnects.

• If Assign-Address=Yes, Must-Accept-Address-Assign=No, Ascend-Assign-IP-Pool points to a pool that has a valid IP address, and the caller does not specify an address, the IP address from the pool appears in call logging entries. If the caller does specify an IP address, that address appears in call logging entries.

The per-user accounting feature allows a network reseller to direct accounting information about specific users to a RADIUS server belonging to each ISP. Each RADIUS user profile can determine the accounting policy by specifying that accounting data goes to one of these locations:

• The RADIUS accounting server specified by the Ascend-User-Acct-Host attribute in the RADIUS user profile.

• The default server specified in the Ethernet>Mod Config>Accounting menu by Acct Host #1, Acct Host #2, or Acct Host #3, whichever is available.

  By default, the MAX uses the server specified in the Accounting menu.

• Both servers.

When you set up accounting on a per-user basis, you use the attributes specified in Table 8-1.

Table 8-1. Per-user accounting attributes

Attribute	Description	Possible values
Ascend-User-Acct-Base (142)	Specifies whether the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16.	Ascend-User-Acct-Base-10 (0) Ascend-User-Acct-Base-16 (1) The default value is Ascend-User-Acct-Base-10.
Ascend-User-Acct-Host (139)	Specifies the IP address of the RADIUS server to use for this connection.	IP address in dotted decimal notation n.n.n.n, where n is an integer between 0 and 255. The default value is 0.0.0.0.
Ascend-User-Acct-Key (141)	Specifies the RADIUS client password as it appears in the clients file.	Text string. The default value is null.
Ascend-User-Acct-Port (140)	Specifies a UDP port number for the connection.	The UDP port number you indicated for the authentication process of the daemon in /etc/services. Or, if you used the incr keyword to the -A option when starting the daemon, the number of the UDP port to use for authentication services + 1. You can specify a number between 1 and 32767.
Ascend-User-Acct-Time (143)	Specifies the number of seconds the MAX waits for a response to a RADIUS accounting request.	Integer from 1 to 10. The default value is 1.
Ascend-User-Acct-Type (138)	Specifies the RADIUS accounting server(s) to use for this connection.	Ascend-User-Acct-None (0) Ascend-User-Acct-User (1) Ascend-User-Acct-User-Default (2) The default value is Ascend-User-Acct-None.

To specify a RADIUS accounting server in a RADIUS user profile, follow these steps:

1. Set up the RADIUS user profile, as discussed in the preceding chapters.

2. Set the Ascend-User-Acct-Type attribute.

   You can specify one of these settings:

   • Ascend-User-Acct-None (0). This setting indicates that the MAX sends accounting information to the RADIUS server specified by the Acct Host #1, Acct Host #2, or Acct Host #3 parameter in the Ethernet>Mod Config>Accounting menu, depending on which server is available. This server is known as the default server.

   • Ascend-User-Acct-User (1). This setting indicates that the MAX sends accounting information to the RADIUS server specified by the Ascend-User-Acct-Host attribute in the RADIUS user profile.

   • Ascend-User-Acct-User-Default (2). This setting indicates that the MAX sends accounting information both to the RADIUS server specified by the Ascend-User-Acct-Host attribute in the RADIUS user profile and to the default server.

3. To specify the IP address of the RADIUS accounting server to use for this connection, set the Ascend-User-Acct-Host attribute.

4. For the Ascend-User-Acct-Port attribute, enter the UDP port number you specified for the authentication process of the daemon in /etc/services.

   Or, if you used the incr keyword to the -A option when starting the daemon, specify the number of the UDP port to use for authentication services + 1. You can specify a number between 1 and 32767.

5. To specify the number of seconds the MAX waits for a response to a RADIUS accounting request, set the Ascend-User-Acct-Time attribute.

   You can specify a number between 1 and 10. The default value is 1.

   If the MAX does not receive a response within the time specified by Ascend-User-Acct-Time, it sends the accounting request to the next accounting server specified by the Acct Host parameter, to the server specified by the Ascend-User-Acct-Host attribute, or both. If Acct=User+Default or Ascend-User-Acct-Type=Ascend-User-Acct-User-Default, the MAX sends two different packets-one to the server defined in the user profile, and one to the default server.

6. For the Ascend-User-Acct-Key attribute, specify the RADIUS client password exactly as it appears in the RADIUS clients file.

7. To specify whether the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16, set the Ascend-User-Acct-Base attribute.

   This attribute controls how the MAX presents the Acct-Session-ID attribute to the accounting server. You can specify one of these settings:

   • Ascend-User-Acct-Base-10 indicates that the numeric base is 10. The default value is 10.

   • Ascend-User-Acct-Base-16 indicates that the numeric base is 16.

   For example, when you set Ascend-User-Acct-Base=Ascend-User-Acct-Base-10, the MAX presents a typical session ID to the accounting server in this way:

   "1234567890"

   When you set Ascend-User-Acct-Base=Ascend-User-Acct-Base-16, the MAX presents the same session ID in this way:

   "499602D2"

   Note: Changing the value of Ascend-User-Acct-Base while sessions are active results in inconsistent reporting between the Start and Stop records.

However, you can specify that the MAX use the primary accounting server in two ways:

• Use an SNMP set command to specify that the MAX use the first host again.

  Such a need might arise if the primary server is shut down for service and then becomes available again. Every time you reset the server using the set command, the MAX generates an SNMP trap. The MAX also generates a trap if it changes to the next server because the current server fails to respond.

  For details, see the Ascend Enterprise MIB. You can download the most up-to-date verson of the Ascend Enterprise MIB by logging in as anonymous to ftp.ascend.com. (No password is required.)

• Set Acct Reset Timeout in the Ethernet Profile to a value other than zero (0).

1. Set up one or more IP address pools.

   For details, see Defining a pool of IP addresses for dynamic assignment.

2. In the MAX configuration interface, open the Ethernet menu.

3. Open the Mod Config menu.

4. Open the Auth menu.

5. Set Auth Pool=Yes.

   When Auth Pool=Yes, the MAX includes the caller's assigned IP address in a specially modified Access-Request packet. Since an IP assignment is not normally part of an Access-Request, you must modify the RADIUS daemon receiving the message to receive the Framed-Address value in the Access-Request.

   When the MAX sends an Access-Request packet to the RADIUS server, it includes the assigned IP address in the Framed-Address attribute. The MAX allocates this address from pool #1. (If you do not define pool #1, the call does not have an IP address during authentication.) The assigned IP address might not last the duration of the connection or might not be meaningful. Here are five possibilities:

   • If Assign Adrs=No and the caller's RADIUS user profile does not supply an IP address for the caller, the MAX returns the IP address to pool #1, but the address continues to appear in RADIUS accounting entries.

   • If Assign Adrs=No and the caller's RADIUS user profile does supply an IP address for the caller, the IP address from pool #1 returns to the pool, and the IP address from the user profile appears in RADIUS accounting entries.

   • If Assign Adrs=Yes and Ascend-Assign-IP-Pool in the RADIUS user profile points to a pool that has no valid IP address, the IP address from pool #1 appears in RADIUS accounting entries, and returns to the pool only when the call disconnects.

   • If Assign Adrs=Yes, Assign Only=Yes, and Ascend-Assign-IP-Pool points to a pool that has a valid IP address, the IP address from that pool appears in RADIUS accounting entries for the duration of the call, and returns to the pool when the call disconnects.

   • If Assign Adrs=Yes, Assign Only=No, and Ascend-Assign-IP-Pool points to a pool that has a valid IP address, the IP address from that pool appears in RADIUS accounting entries, unless the caller specifies an address.
     If the caller specifies an IP address, it appears in RADIUS accounting entries and the IP address derived from the pool is returned.

6. Save your changes.

If you include the Class attribute in the RADIUS user profile, the RADIUS server sends it to the MAX in the Access-Accept packet when the session begins. Class then appears in Accounting-Request packets the MAX sends to the RADIUS accounting server whenever a session starts and whenever a session stops (as long as the Auth parameter on the MAX is not set to RADIUS/LOGOUT). The accounting entries give the class on a per-user and per-session basis.

The Ascend-Number-Sessions attribute reports information on all user sessions-that is, on the number of current sessions of each class. The attribute has a compound value. The first part specifies a user-session class. The second part reports the number of active sessions in that class. In the case of multichannel calls, such as MP+ calls, each separate connection counts as a session.

On the MAX, you can set the Sess Timer parameter in the Ethernet>Mod Config>Accounting menu to send accounting requests at regular intervals. At the specified interval, the MAX reports the number of open sessions by sending an Ascend-Event-Request packet (code 33). This packet contains the NAS-Identifier attribute, followed by a list of Ascend-Number-Sessions attributes.

Only RADIUS daemons you customize to recognize packet code 33 respond these request packets from the MAX. Other accounting daemons ignore it. Therefore, the standard Livingston RADIUS daemon and the Ascend accounting daemon both ignore this attribute.

When modifying the daemon, make sure that it recognizes an Ascend-Event-Request packet in this format:

Code (8-bit)=33

Identifier (8-bit) 

Length (16-bit)

Authenticator (48-bit for an accounting server, 64-bit for an 
authentication server)

List of attributes

Understanding accounting records

• non-accounting attributes in accounting records

• accounting attributes in Start records

• accounting attributes in Stop records

Non-accounting attributes in accounting records

Of the attributes listed in Table 8-2, only the NAS-Identifier attribute can appear in a Failure-to-start record.

Table 8-2. Non-accounting attributes in accounting records

Attribute	Description
Ascend-Dial-Number (227)	Specifies the phone number of the device that originated the connection.
Ascend-Home-Agent-IP-Addr (183)-Stop records only	Indicates the IP address of the home agent used for this mobile client. This attribute is reported when the following are true: you use it or a combination of attributes 129 and 130 in the user profile the Accounting-Request packet is a Stop packet the session was authenticated and encapsulated by means of Ascend Tunnel Management Protocol (ATMP) You should use Ascend-Primary-Home-Agent (129) and Ascend-Secondary-Home-Agent in the user profile. The RADIUS accounting Stop record includes Ascend-Home-Agent-IP-Addr (183) and not attributes 129 and 130.
Ascend-Home-Agent-UDP-Port (186)-Stop records only	Indicates the UDP port number to use when the foreign agent sends ATMP packets to the home agent.
Ascend-Home-Network-Name (185)	Indicates the name of the Connection profile through which the home agent sends all packets it receives from the mobile client during ATMP operation. This attribute is not present if the home agent is configured in router mode (see Chapter 7, Setting Up Virtual Private Networks in RADIUS. Appears in the Stop record when the Accounting-Request packet is a Stop packet the session was authenticated and encapsulated by means of Ascend Tunnel Management Protocol (ATMP)
Ascend-Modem-PortNo (120)	Specifies the modem used for the call (Stop records only).
Ascend-Modem-SlotNo (121)	Specifies the slot containing the modem used for the call (Stop records only).
Caller-Id (31)	Specifies the calling-party number, indicating the phone number of the user that has connected to the MAX.
Class (25)	Enables access providers to classify their user sessions, such as for the purpose of billing users depending on the service option they choose. The default value for the Class attribute is null.
Client-Port-DNIS (30)	Specifies the called number, indicating the phone number the user dialed to connect to the MAX.
Framed-Address (8)	Specifies the IP address of the user starting the session. The default value is 0.0.0.0.
Framed-IPX-Network (23)	Specifies the network number of the router at the remote end of the connection. The default value is null.
Framed-Protocol (7)	Specifies the kind of protocol the connection uses: PPP (1) SLIP (2) MPP (256) EURAW (257) EUUI (258) COMB (260) FR (261) ARA (262) FR-CIR (263) By default, the MAX does not restrict the type of protocol a user can access.
NAS-Identifier (4)	Indicates the IP address of the MAX. This attribute does not appear in an Accounting-Stop packet for a Failure-start-session event.
NAS-Port (5)	Indicates the interface and service the session is using with a 5-digit value in this format: <service> <line number> <channel> This attribute does not appear in an Accounting-Stop packet for a Failure-start-session event.
NAS-Port-Type (61)	Specifies the type of service in use for the session: synchronous ISDN asynchronous (MAX routes the call to a modem)
Tunneling-Protocol	Indicates whether or not a session used the ATMP tunneling protocol.
User-Name (1)	Specifies the name of the user starting the session.

Accounting attributes in Start records

Table 8-3. Accounting-specific attributes in Start records

Accounting attributes in Stop records

Table 8-4. Accounting-specific attributes in Stop records

Accounting attributes in Failure-to-start records

• Acct-Delay-Time (41)

• Acct-Session-Id (44)

• Acct-Status-Type (40)

• Ascend-Connect-Progress (196)

• Ascend-Data-Rate (197)

• Ascend-Disconnect-Cause (195)

• Ascend-PreSession-Time (198)

Accounting attributes in Checkpoint records

Call logging records

• Where call logging records are stored

• What kinds of packets call logging uses

• Which attributes appears in each type of packet

usr/adm/radacct/host/detail

What kinds of packets does call logging use?

Call logging Start packets

The MAX does not send an Call logging Start packet if a call fails authentication or otherwise fails to log in. In some cases, a session begins with a user login and then authentication follows, such as when a terminal server user chooses PPP or SLIP after login. If User-Service=Login-User, or if User-Service is unspecified, the MAX sends an Call logging Start packet after login.

Information from an Call logging Start packet appears in a Start record in the log file.

Call- logging Stop packets

Non-call logging attributes in call logging records

• An call logging record can contain attributes that are not call logging specific. The following table lists them. Of the attributes listed in the table, only the NAS-Identifier attribute can appear in a Failure-to-start record.

Call logging attributes in Start records

Call Logging-specific attributes in Start records

Attribute	Description
Acct-Authentic (45)	Specifies the method the MAX used to authenticate an incoming call: RADIUS (1) specifies that RADIUS authenticated the incoming call. Local (2) specifies that the MAX used a local Connection profile, TACACS profile, or TACACS+ profile, or that the MAX accepted the call without authentication.
Acct-Delay-Time (41)	Specifies the number of seconds the MAX has been trying to send the Call Logging packet. In an Call Logging Start packet, this value is 0 (zero).
Acct-Session-Id (44)	Consists of a unique numeric string identified with the bridging, routing, or terminal-server session reported in the Call Logging packet. The string is a random number of up to seven digits. RADIUS correlates the Call Logging Start packet and Call Logging Stop packet with Acct-Session-Id. Its value can range from 1 to 2,137,383,647.
Acct-Status-Type (40)	Requests that have Acct-Status-Type=Start are Call Logging Start packets. The information in these packets appears in Start records. Requests that have Acct-Status-Type=Stop are Call Logging Stop packets. The information in these packets appears in Stop or Failure-to-start records. Requests that have Acct-Status-Type=Accounting-On (7) are sent when either of the following occurs The MAX is booted up and the Acct=RADIUS in the Ethernet > Mod Config > Accounting menu. You set the Acct parameter RADIUS and save the configuration while the MAX is running. Requests that have Acct-Status-Type=Accounting-Off (8) are sent when one of the following occurs: You reset the MAX. You set Acct to either None or TACACS+ and save the configuration while the MAX is running. You change the setting of the Auth parameter in the Ethernet>Mod Config>Auth menufrom RADIUS to RADIUS/LOGOUT. When Auth=RADIUS/LOGOUT, Acct is set to N/A, and RADIUS accounting is disabled.
Ascend-Session-Svr-Key (151)	Identifies the user session in which a client sends a disconnect or filter-change request to the RADIUS server.
Ascend-User-Acct-Base (142)	Specifies whether the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16.
Ascend-User-Acct-Host (139)	Specifies the IP address of the RADIUS server to use for the connection.
Ascend-User-Acct-Key (141)	Specifies the RADIUS client password as it appears in the clients file.
Ascend-User-Acct-Port (140)	Specifies a UDP port number for the connection.
Ascend-User-Acct-Time (143)	Specifies the number of seconds the MAX waits for a response to a call logging request.
Ascend-User-Acct-Type (138)	Specifies the call logging server(s) to use for the connection.

Call logging attributes in Stop records

Table 11. Call Logging-specific attributes in Stop records

Attribute	Description	Conditions for inclusion
Acct-Authentic (45)	Specifies the method the MAX used to authenticate an incoming call: RADIUS (1) specifies that RADIUS authenticated the incoming call. Local (2) specifies that the MAX used a local Connection profile, TACACS profile, or TACACS+ profile, or that the MAX accepted the call without authentication.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Acct-Delay-Time (41)	Specifies the number of seconds between the time an event occurred and the time the MAX sent the packet. If RADIUS does not acknowledge the packet, the MAX resends it. The value of Acct-Delay-Time changes to reflect the proper event time.	Auth-Type parameter not set to RADIUS-Logout.
Acct-Input-Octets (42)	Specifies the number of octets the MAX received during the session.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Acct-Input-packets (47)	Specifies the number of packets the MAX received during the session.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated. A framed protocol must be in use.
Acct-Output-Octets (43)	Specifies the number of octets the MAX sent during the session.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Acct-Output-packets (48)	Specifies the number of packets the MAX sent during the session.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated. A framed protocol must be in use.
Acct-Session-Id (44)	Consists of a unique numeric string identified with the bridging, routing, or terminal-server session reported in the Call Logging packet. The string is a random number of up to seven digits. RADIUS correlates the Call Logging Start packet and Call Logging Stop packet with Acct-Session-Id. Its value can range from 1 to 2,137,383,647.	Auth-Type parameter not set to RADIUS-Logout.
Acct-Session-Time (46)	Specifies the number of seconds the session has been logged in.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Acct-Status-Type (40)	Requests that have Acct-Status-Type=Start are Call Logging Start packets. The information in these packets appears in Start records. Requests that have Acct-Status-Type=Stop are Call Logging Stop packets. The information in these packets appears in Stop or Failure-to-start records. Requests that have Acct-Status-Type=Accounting-On (7) are sent when either of the following occurs The MAXis booted up and the Acct=RADIUS in the Ethernet > Mod Config > Accounting menu. You set the Acct parameter RADIUS and save the configuration while the MAX is running. Requests that have Acct-Status-Type=Accounting-Off (8) are sent when one of the following occurs: You reset the MAX. You set Acct to either None or TACACS+ and save the configuration while the MAX is running. You change the setting of the Auth parameter in the Ethernet>Mod Config>Auth menufrom RADIUS to RADIUS/LOGOUT. When Auth=RADIUS/LOGOUT, Acct is set to N/A, and RADIUS accounting is disabled.	Auth-Type parameter not set to RADIUS-Logout.
Ascend-Connect-Progress (196)	Specifies the state of the connection before it disconnects.	Auth-Type parameter not set to RADIUS-Logout.
Ascend-Data-Rate (197)	Specifies the data rate of the connection in bits per second.	Auth-Type parameter not set to RADIUS-Logout.
Ascend-Disconnect-Cause (195)	Specifies the reason a connection was taken offline.	Auth-Type parameter not set to RADIUS-Logout.
Ascend-Event-Type (150)	Specifies a cold-start notification, informing the call logging server that the MAX has started up.	For a cold-start notification, the MAX sends values for NAS-Identifier and Ascend-Event-Type in an Ascend-Event-Request packet (code 33). The call logging server must send back an Ascend-Event-Response packet (code 34), with the correct identifier, to the MAX.
Ascend-First-Dest (189)	Records the destination IP address of the first packet the MAX received on a connection after authentication.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-Multilink-ID (187)	Reports the ID number of the Multilink bundle when the session closes.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-Num-In-Multilink (188)	Records the number of sessions remaining in a Multilink bundle when the session closes.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-Number-Sessions (202)	Specifies the number of active user sessions of a given class (as specified by the Class attribute). In the case of multichannel calls, such as MP+ calls, each separate connection counts as a session.	The MAX sends the Ascend- Number-Sessions attribute in Ascend-Event-Request packets. Only RADIUS daemons you customize to recognize packet code 33 respond to these request packets.
Ascend-Pre-Input-Octets (190)	Records the number of octets the MAX received before authentication.	Auth-Type parameter is not set to RADIUS-Logout. The session must be authenticated.
Ascend-Pre-Input-packets (192)	Records the number of packets the MAX received before authentication.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-Pre-Output-Octets (191)	Records the number of octets the MAX sent before authentication.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-Pre-Output-packets (193)	Records the number of packets the MAX sent before authentication.	Auth-Type parameter not set to RADIUS-Logout. Session must be authenticated.
Ascend-PreSession-Time (198)	Specifies the length of time, in seconds, from when a call connected to when it completed authentication.	Auth-Type parameter not set to RADIUS-Logout.
Ascend-User-Acct-Base (142)	Specifies whether the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16.	None.
Ascend-User-Acct-Host (139)	Specifies the IP address of the RADIUS server to use for the connection.	None.
Ascend-User-Acct-Key (141)	Specifies the RADIUS client password as it appears in the clients file.	None.
Ascend-User-Acct-Port (140)	Specifies a UDP port number for the connection.	None.
Ascend-User-Acct-Time (143)	Specifies the number of seconds the MAX waits for a response to a call logging request.	None.
Ascend-User-Acct-Type (138)	Specifies the call logging server(s) to use for the connection.	None.

Call logging attributes in Failure-to-start records

• Acct-Delay-Time (41)

• Acct-Session-Id (44)

• Acct-Status-Type (40)

• Ascend-Connect-Progress (196)

• Ascend-Data-Rate (197)

• Ascend-Disconnect-Cause (195)

• Ascend-PreSession-Time (198)

• A Pipeline 25 dialing into a MAX

• A modem calling into a MAX

Tue Feb 25 12:00:41 1997 /* Session startup time */

   User-Name="ht-net" /* The name of the Pipeline 25 */

   NAS-Identifier=206.65.212.46 /* The IP address of the MAX */

   NAS-Port=10114 /* Digital call on line 1, channel 14 */

   Acct-Status-Type=Start /* Start record. */

   Acct-Delay-Time=0 /* Always zero for a Start record */

   Acct-Session-Id="1234567" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication in use */

   Client-Port-DNIS="3142" /* Called number */

   Framed-Protocol=PPP /* PPP call */

   Framed-Address=11.0.0.1 /* IP address of the Pipeline 25 */

Tue Feb 25 12:02:48 1997 /* Session hangup time */

   User-Name="ht-net" /* The name of the Pipeline 25 */

   NAS-Identifier=206.65.212.46 /* The IP address of the MAX */

   NAS-Port=10114 /* Digital call on line 1, channel 14 */

   Acct-Status-Type=Stop /* Stop record */

   Acct-Delay-Time=18 /* MAX tried to send packet for 18 seconds */

   Acct-Session-Id="1234567" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication used */

   Acct-Session-Time=128 /* Number of seconds in session */

   Acct-Input-Octets=2421 /* Bytes received from the Pipeline */

   Acct-Output-Octets=1517 /* Bytes sent to the Pipeline */

   Acct-Input-packets=79 /* Packets received from the Pipeline */

   Acct-Output-packets=47 /* Packets sent to the Pipeline */

   Ascend-Disconnect-Cause=100 /* Session timeout */

   Ascend-Connect-Progress=60 /* LAN session up */

   Ascend-Data-Rate=64000 /* Data rate in bits per second */

   Ascend-PreSession-Time=0 /*Secs from connection to authentication*/

   Ascend-Pre-Input-Octets=174 /* Input octets pre-authentication */

   Ascend-Pre-Output-Octets=204 /* Output octets pre-authentication */

   Ascend-Pre-Input-packets=7 /* Input packets pre-authentication */

   Ascend-Pre-Output-packets=8 /* Output packets pre-authentication */

   Ascend-First-Dest=10.81.44.111 /* Dest IP address of 1st packet */

   Ascend-Multilink-ID=64 /* ID number of Multilink bundle */.

   Ascend-Num-In-Multilink=0 /* # of sessions in Multilink bundle */

   Client-Port-DNIS="3142" /* Called number */

   Framed-Protocol=PPP /* PPP call */

   Framed-Address=11.0.0.1 /* IP address of the Pipeline 25 */

Tue Feb 25 12:00:00 1997 /* Session startup time */

   User-Name="Berkeley" /* The name of the modem caller */

   NAS-Identifier=200.65.212.46 /* The IP address of the MAX */

   NAS-Port=10113 /* Digital call on line 1, channel 13 */

   Acct-Status-Type=Start /* Start record. */

   Acct-Delay-Time=0 /* Always zero for a Start record */

   Acct-Session-Id="3456789" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication in use */

   Client-Port-DNIS="3143" /* Called number */

   Login-Service=Unframed-User /* Modem call */

Tue Feb 25 12:03:00 1997 /* Session hangup time */

   User-Name="Berkeley" /* The name of the modem caller */

   NAS-Identifier=200.65.212.46 /* The IP address of the MAX */

   NAS-Port=10113 /* Digital call on line 1, channel 13 */

   Acct-Status-Type=Stop /* Stop record */

   Acct-Delay-Time=18 /* MAX tried to send packet for 18 seconds */

   Acct-Session-Id="3456789" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication used */

   Acct-Session-Time=128 /* Number of seconds in session */

   Acct-Input-Octets=2421 /* Bytes received from the Pipeline */

   Acct-Output-Octets=1517 /* Bytes sent to the Pipeline */

   Acct-Input-packets=79 /* Packets received from the Pipeline */

   Acct-Output-packets=47 /* Packets sent to the Pipeline */

   Ascend-Disconnect-Cause=100 /* Session timeout */

   Ascend-Connect-Progress=60 /* LAN session up */

   Ascend-Data-Rate=64000 /* Data rate in bits per second */

   Ascend-PreSession-Time=0 /*Secs from connection to authentication*/

   Ascend-Pre-Input-Octets=174 /* Input octets pre-authentication */

   Ascend-Pre-Output-Octets=204 /* Output octets pre-authentication */

   Ascend-Pre-Input-packets=7 /* Input packets pre-authentication */

   Ascend-Pre-Output-packets=8 /* Output packets pre-authentication */

   Ascend-First-Dest=10.81.44.111 /* Dest IP address of 1st packet */

   Ascend-Multilink-ID=64 /* ID number of Multilink bundle *.

   Ascend-Num-In-Multilink=0 /* # of sessions in Multilink bundle */

   Client-Port-DNIS="3143" /* Called number */

   Login-Service=Unframed-User /* Modem call */

Tue Feb 18 12:00:41 1997 /* Session startup time */

   User-Name="ht-net" /* The name of the Pipeline 25 */

   NAS-Identifier=206.65.212.46 /* The IP address of the MAX */

   NAS-Port=1057 /* Call on channel 2, line 2, slot 2, shelf 1 */

   Acct-Status-Type=Start /* Start record. */

   Acct-Delay-Time=0 /* Always zero for a Start record */

   Acct-Session-Id="1234567" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication in use */

   Client-Port-DNIS="3142" /* Called-party number */

   Framed-Protocol=PPP /* PPP call */

   Framed-Address=11.0.0.1 /* IP address of the Pipeline 25 */

Tue Feb 18 12:02:48 1997 /* Session hangup time */

   User-Name="ht-net" /* The name of the Pipeline 25 */

   NAS-Identifier=206.65.212.46 /* The IP address of the MAX */

   NAS-Port=1057 /* Call on channel 2, line 2, slot 2, shelf 1 */

   Acct-Status-Type=Stop /* Stop record */

   Acct-Delay-Time=18 /* MAX tried to send packet for 18 seconds */

   Acct-Session-Id="1234567" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication used */

   Acct-Session-Time=128 /* Number of seconds in session */

   Acct-Input-Octets=2421 /* Bytes received from the Pipeline */

   Acct-Output-Octets=1517 /* Bytes sent to the Pipeline */

   Acct-Input-packets=79 /* Packets received from the Pipeline */

   Acct-Output-packets=47 /* Packets sent to the Pipeline */

   Ascend-Disconnect-Cause=100 /* Session timeout */

   Ascend-Connect-Progress=60 /* LAN session up */

   Ascend-Data-Rate=64000 /* Data rate in bits per second */

   Ascend-PreSession-Time=0 /*Secs from connection to authentication*/

   Ascend-Pre-Input-Octets=174 /* Input octets pre-authentication */

   Ascend-Pre-Output-Octets=204 /* Output octets pre-authentication */

   Ascend-Pre-Input-packets=7 /* Input packets pre-authentication */

   Ascend-Pre-Output-packets=8 /* Output packets pre-authentication */

   Ascend-First-Dest=10.81.44.111 /* Dest IP address of 1st packet */

   Ascend-Multilink-ID=64 /* ID number of Multilink bundle */.

   Ascend-Num-In-Multilink=0 /* # of sessions in Multilink bundle */

   Client-Port-DNIS="3142" /* Called-party number */

   Framed-Protocol=PPP /* PPP call */

   Framed-Address=11.0.0.1 /* IP address of the Pipeline 25 */

A Start record might look like the following:

Tue Feb 18 12:00:00 1997 /* Session startup time */

   User-Name="Berkeley" /* The name of the modem caller */

   NAS-Identifier=200.65.212.46 /* The IP address of the MAX */

   NAS-Port=1057 /* Call on channel 2, line 2, slot 2, shelf 1 */

   Acct-Status-Type=Start /* Start record. */

   Acct-Delay-Time=0 /* Always zero for a Start record */

   Acct-Session-Id="3456789" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication in use */

   Client-Port-DNIS="3143" /* Called-party number */

   Login-Service=Unframed-User /* Modem call */

Tue Feb 18 12:03:00 1997 /* Session hangup time */

   User-Name="Berkeley" /* The name of the modem caller */

   NAS-Identifier=200.65.212.46 /* The IP address of the MAX */

   NAS-Port=1057 /* Call on channel 2, line 2, slot 2, shelf 1 */

   Acct-Status-Type=Stop /* Stop record */

   Acct-Delay-Time=18 /* MAX tried to send packet for 18 seconds */

   Acct-Session-Id="3456789" /* Session identification number */

   Acct-Authentic=RADIUS /* RADIUS authentication used */

   Acct-Session-Time=128 /* Number of seconds in session */

   Acct-Input-Octets=2421 /* Bytes received from the Pipeline */

   Acct-Output-Octets=1517 /* Bytes sent to the Pipeline */

   Acct-Input-packets=79 /* Packets received from the Pipeline */

   Acct-Output-packets=47 /* Packets sent to the Pipeline */

   Ascend-Disconnect-Cause=100 /* Session timeout */

   Ascend-Connect-Progress=60 /* LAN session up */

   Ascend-Data-Rate=64000 /* Data rate in bits per second */

   Ascend-PreSession-Time=0 /*Secs from connection to authentication*/

   Ascend-Pre-Input-Octets=174 /* Input octets pre-authentication */

   Ascend-Pre-Output-Octets=204 /* Output octets pre-authentication */

   Ascend-Pre-Input-packets=7 /* Input packets pre-authentication */

   Ascend-Pre-Output-packets=8 /* Output packets pre-authentication */

   Ascend-First-Dest=10.81.44.111 /* Dest IP address of 1st packet */

   Ascend-Multilink-ID=64 /* ID number of Multilink bundle *.

   Ascend-Num-In-Multilink=0 /* # of sessions in Multilink bundle */

   Client-Port-DNIS="3143" /* Called-party number */

   Login-Service=Unframed-User /* Modem call */

Copyright © 1998, Ascend Communications, Inc. All rights reserved.