NPS Accounting isn't logging "END Client" information.

  • Question

  • Hi

    We have implemented dot1x in our wireless infrastructure. Two RADIUS proxies send authentication requests to RADIUS servers. We set up NPS accounting on our proxies and RADIUS servers to log to SQL Server and a local text file.

    Authentication works fine.

    Accounting isn't logging all of the information. We need to log the end client's device IP address plus a whole bunch of information available in the Cisco WLC accounting log.

    We also did some Wireshark capturing on the NPS proxies that may help:

    1. AP (WLC) sends Accounting Request to Proxy. Source Port = Random (1053, 1062, 1052) / Destination Port = 1813 (RADIUS Accounting)

    2. Proxy sends Accounting Response to AP (WLC). Source Port = 1813 / Destination Port = Source Port of Step 1. Ex: 1053

    3. AP (WLC) sends ICMP Port Unreachable, Source Port = 1813 / Destination Port = Source Port of Step 1. Ex: 1053

    The image will be in the next post due to the 2-images-per-post policy.

    Any help will be appreciated.


    Wednesday, July 2, 2014 5:02 AM

Answers

  • Hi,

    Could you post the snapshots of your log file here? Based on your snapshots, I don’t think accounting has failed.

    Accounting-Response packets are sent by the RADIUS accounting server to the client to acknowledge that the Accounting-Request has been received and recorded successfully.

    The issue with the ICMP message means that there may be some misconfiguration between your AP and RADIUS client. But it doesn’t affect the accounting logging. When the RADIUS server sends the Accounting-Response packets, it has already logged the information.

    Besides, make sure that all of the check boxes in Log File Properties have been checked.

    To configure NPS log file properties, please follow the steps below:

    1. Open the NPS console or the NPS Microsoft Management Console (MMC) snap-in.
    2. In the console tree, click Accounting.
    3. In the details pane, in Log File Properties, click Change Log File Properties.
    4. In Log File Properties, on the Settings tab, in Log the following information, ensure that you choose to log enough information to achieve your accounting goals. For example, if your logs need to accomplish session correlation, select all check boxes.
    5. In Logging failure action, select If logging fails, discard connection requests if you want NPS to stop processing Access-Request messages when log files are full or unavailable for some reason. If you want NPS to continue processing connection requests if logging fails, do not select this check box.

    Here is a snapshot of the accounting file in my lab server:

    Hope this helps.



    Steven Lee

    TechNet Community Support


    Thursday, July 3, 2014 7:45 AM
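
Added example (not part of the original thread and not Microsoft's code): a minimal RFC 2865/2866 decoder to run over the raw UDP payload of an Accounting-Request taken from a capture like the one described in the question, to see which end-client attributes the WLC actually sends, since an attribute absent from the request cannot appear in any accounting log downstream. The sample packet, its values and the `WANTED` list are constructed assumptions; the Request Authenticator is not verified because that needs the shared secret.

```python
import ipaddress
import struct

# Attribute numbers from RFC 2865 / RFC 2866
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 8: "Framed-IP-Address",
         31: "Calling-Station-Id", 40: "Acct-Status-Type", 44: "Acct-Session-Id"}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
# Fields this example treats as needed to tie a session to an end device (assumption)
WANTED = ("User-Name", "Calling-Station-Id", "Framed-IP-Address", "Acct-Session-Id")


def parse_accounting_request(data: bytes) -> dict:
    """Decode the RADIUS header and attribute list of an Accounting-Request."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if code != 4:
        raise ValueError(f"code {code} is not Accounting-Request (4)")
    if length < 20 or length > len(data):
        raise ValueError("Length field does not match the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        a_type, a_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + a_len]
        if a_type in (4, 8) and len(value) == 4:        # IPv4 address attributes
            value = str(ipaddress.IPv4Address(value))
        elif a_type == 40 and len(value) == 4:          # 32-bit enumerated value
            n = struct.unpack("!I", value)[0]
            value = STATUS.get(n, n)
        else:                                           # text if known, hex otherwise
            value = value.decode("utf-8", "replace") if a_type in ATTRS else value.hex()
        attrs[ATTRS.get(a_type, f"Attr-{a_type}")] = value
        pos += a_len
    return {"id": ident, "attributes": attrs}


def missing_client_fields(parsed: dict) -> list:
    """Wanted attributes the NAS did not send in this request."""
    return [name for name in WANTED if name not in parsed["attributes"]]


def build_sample(with_framed_ip: bool) -> bytes:
    """Constructed Accounting-Request (Start) with an all-zero authenticator."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    body = (tlv(1, b"alice") + tlv(4, bytes([192, 0, 2, 10])) + tlv(31, b"00-11-22-33-44-55")
            + tlv(40, struct.pack("!I", 1)) + tlv(44, b"sess-0001"))
    if with_framed_ip:
        body += tlv(8, bytes([198, 51, 100, 23]))
    return struct.pack("!BBH", 4, 7, 20 + len(body)) + bytes(16) + body
```

Feed it the UDP payload bytes of a captured packet to port 1813; `missing_client_fields` then lists what the access point or controller would have to be configured to send before the RADIUS side can record it.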

All replies

  • Third Step's Packet.

    Wednesday, July 2, 2014 5:03 AM