×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Captive Portal Users Accounting & Tracking: HOW TO?

Unanswered Question
Oct 27th, 2014
User Badges:

HI, 

I'm totally new to this forum, so please forgive me for any inadequacy or mistake, and pls help me getting it right !

 

The scenario:

 11 WAP551/561 linked togheter in single point setup group (IPs going from x.y.100.21 to x.y.100.31): latest 1.1.0.4 FW Rel.

  1 Captive portal created using the SPSG "common IP Address" x.y.100.20

  1 Captive Portal Instance, configured for LOCAL Validation

  50 Captive Portal User Accounts locally configured and tied to the only Instance

 

User Authentication is OK: users are correctly authenticated and redirected to the welcome URL.

 

The Problem.

I want to keep history track of all authenticated users, knowing their username, assigned IP address, authentication timestamp, and possibly session counters (time, down/up bytes, etc.).

It seeems that there's no other option than using Radius Accounting, so to do that I configured "Radius Accounting" on the "Instance Configuration"panel, and gave IP Address and Shared key of my local RADIUS Server (WinSrv2012R2 NPS server).

On the server I configured my elen APs and their shared keys (crom x.y.100.21 to x.y.100.31)

Then:

>>> I cannot find any Captive Portal Radius Accounting Record on the NPS (WinSrv Radius Server) Log.

>>> Counter-test: I did enable Radius Accounting on the Security/RadiusServer panel, using same Server Params, and started to see a lot of "CONNECT" entries coming from all my APs.... so my client>server radius accounting flow seems to be working, at least for the client connection to the AP ...

 

The Question.

1. Is Radius Accounting of Captive Portal Authentication/usage possible?

2. Which is the source IP address used by Caprive Portal Radius Accounting Client?

3. How to get it working?

 

Pls. send also a copy to [email protected]

Thanks a lot

Flavio.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nesecon2004 Thu, 10/30/2014 - 03:03
User Badges:

Nobody interested in Captive Portal Usage Accounting & Tracking with WAP 5x1?

 

Cisco Engineers, are you there?

 

 

Michael Muenz Thu, 10/30/2014 - 22:54
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Best Publication, April 2016

Can you set port number for Radius Authentication and Accounting? 

Also can install a sniffer on the NPS und check if the packets are coming in (also check local firewall on the server is disabled)

nesecon2004 Fri, 10/31/2014 - 06:05
User Badges:

Hi ciscomax,

first of all thank you for your reply!

 

1. No, on the WAP5x1 GUI it is not possiblle to set the port number for radius protocol. But My NPS is listening on standard ports 1812,1645 (Authentication) and 1813,1646 (Accounting)

In fact, as i wrote in my post, accounting flow is allowed from APs to the NPS server, when this flow is originated by the "radius security" feature of the WAPs:

------

>>> Counter-test: I did enable Radius Accounting on the Security/RadiusServer panel, using same Server Params, and started to see a lot of "CONNECT" entries coming from all my APs.... so my client>server radius accounting flow seems to be working, at least for the client connection to the AP ...

-------

What I don't see is the a-like accounting flow going from the WAPs to the NPS, when originated by the "captive portal instance radius accounting" feature. In this case source Ip/port and dest Ip/port should be the same as those used by the "radius security accounting feature" of the same WAPs

 

2. No, I didn't use any sniffer on th NPS, as radius flow seemed to be already enabled (see prev. answer)... nevertheless I'll try, as somehing interesting could alwqays arise from that !

I'll try that and post the answer ASAP

 

Anyway...  as far as you know, Radius accounting of Captive Portal User activity should work... or not?

 

Flavio

Michael Muenz Sat, 11/01/2014 - 02:18
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Best Publication, April 2016

I never used this feature. Radius Accounting comes in on different ports: 1646 or 1813.

Check the local firewall of the NPS and install a sniffer in order to see if the packets arrive at the server.

Actions

This Discussion