Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] Enabling accounting for the Pre-Shared Key SSID in WLC

0

0

Article ID: KB33485 KB Last Updated: 21 Mar 2020Version: 2.0
Summary:

Accounting helps to keep track of a user's session when connected to the Wireless Controller (WLC). This article describes how to enable accounting for a Pre-Shared Key (PSK) SSID in WLC, and also lists the types of accounting records that exist.

 

Solution:

Accounting records come in three types: start, stop, and update. WLC generates these records based on the configured accounting mode, which is either start-stop or stop-only:

  • When the start-stop mode is configured, a start record is generated when a user is first connected, and an update record is generated when a user roams from one WLA access point to another. A stop record is generated when a user terminates the session.

  • When the stop-only mode is configured, a stop record is generated when a user terminates the session.

Configuration on WLC

Step 1: Configure a service-profile for the PSK SSID.

set service-profile PSK-ssid ssid-name PSK-ssid
set service-profile PSK-ssid auth-fallthru last-resort
set service-profile PSK-ssid psk-encrypted 13504f145d0a057c28757a6664721204435100525a0900555e551913080c0655000700535807060a0e5245035d0b5d5709221916504b0015410d5d562872257835
set service-profile PSK-ssid wpa-ie auth-dot1x disable
set service-profile PSK-ssid rsn-ie cipher-ccmp enable
set service-profile PSK-ssid rsn-ie auth-psk enable
set service-profile PSK-ssid rsn-ie auth-dot1x disable
set service-profile PSK-ssid rsn-ie enable
set service-profile PSK-ssid attr vlan-name default

Step 2: Configure a radio-profile.

set radio-profile PSK-ssid service-profile PSK-ssid

Step 3: Configure an Access Point and map it to the radio-profile.

set ap 9999 serial-id a28112402359 model MP-522
set ap 9999 radio 1 radio-profile PSK-ssid  mode enable
set ap 9999 radio 2 radio-profile PSK-ssid  mode enable

Step 4: Verify client connectivity. To verify client connectivity, issue the following command from WLC:

JTAC-lab# show sessions

1 sessions total

User Name             SessID  Type  Address              VLAN            AP/Rdo
--------------------- ------  ----- -------------------- --------------  -------
LR-5ghz-256              490* open  10.9.221.205,V6      default           9999/1

Step 5: Configure accounting for the PSK SSID.

set accounting last-resort ssid PSK-ssid start-stop local

To view the accounting statistics, use the following command in WLC:

JTAC-Lab# show accounting statistics

Accounting Start

Acct-Status-Type=START
Acct-Authentic=0
Acct-Multi-Session-Id=SESS-489-513030-566369-19882
Acct-Session-Id=SESS-489-513030-566369-19882
User-Name=last-resort-PSK-ssid-256
AAA_ACCT_SVC_ATTR=6
Event-Timestamp=4218566369
Vlan-Name=default
Calling-Station-Id=54-33-CB-5D-AD-73
Nas-Port-Id=AP9999/1
Called-Station-Id=00-26-3E-AA-FF-40
AAA_SSID_ATTR=PSK-ssid
NAS-Port=489

Accounting Update

Acct-Status-Type=UPDATE
Acct-Authentic=0
Acct-Multi-Session-Id=SESS-489-513030-566369-19882
Acct-Session-Id=SESS-489-513030-566369-19882
User-Name=last-resort-PSK-ssid-256
AAA_ACCT_SVC_ATTR=6
Event-Timestamp=4218566369
Vlan-Name=default
Calling-Station-Id=54-33-CB-5D-AD-73
Nas-Port-Id=AP9999/1
Called-Station-Id=00-26-3E-AA-FF-40
AAA_SSID_ATTR=PSK-ssid
NAS-Port=489
Framed-Interface-Id=0c94:8446:b9f5:8488
Acct-Session-Time=0
Acct-Output-Octets=2575
Acct-Input-Octets=236
Acct-Output-Packets=14
Acct-Input-Packets=3

Accounting Stop

When a user disconnects from the AP, accounting stop is sent:

 Acct-Status-Type=STOP
 Acct-Authentic=0
 Acct-Multi-Session-Id=SESS-484-513030-564059-e0184
 Acct-Session-Id=SESS-484-513030-564059-e0184
 User-Name=last-resort-PSK-ssid-256
 AAA_ACCT_SVC_ATTR=6
 Event-Timestamp=4218564987
 Vlan-Name=default
 Calling-Station-Id=54-33-CB-5D-AD-73
 Nas-Port-Id=AP9999/1
 Called-Station-Id=00-26-3E-AA-FF-40
 AAA_SSID_ATTR=PSK-ssid
 NAS-Port=484
 Framed-IP-Address=10.9.221.205
 Framed-Interface-Id=0c94:8446:b9f5:8488
 Nas-Identifier=Trapeze
 Acct-Session-Time=928
 Acct-Output-Octets=1190987
 Acct-Input-Octets=321874
 Acct-Output-Packets=2257
 Acct-Input-Packets=3047

 

Modification History:

2020-03-21: Archived

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search