Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Captive Portal Users Accounting & Tracking: HOW TO?

HI, 

I'm totally new to this forum, so please forgive me for any inadequacy or mistake, and pls help me getting it right !

 

The scenario:

 11 WAP551/561 linked togheter in single point setup group (IPs going from x.y.100.21 to x.y.100.31): latest 1.1.0.4 FW Rel.

  1 Captive portal created using the SPSG "common IP Address" x.y.100.20

  1 Captive Portal Instance, configured for LOCAL Validation

  50 Captive Portal User Accounts locally configured and tied to the only Instance

 

User Authentication is OK: users are correctly authenticated and redirected to the welcome URL.

 

The Problem.

I want to keep history track of all authenticated users, knowing their username, assigned IP address, authentication timestamp, and possibly session counters (time, down/up bytes, etc.).

It seeems that there's no other option than using Radius Accounting, so to do that I configured "Radius Accounting" on the "Instance Configuration"panel, and gave IP Address and Shared key of my local RADIUS Server (WinSrv2012R2 NPS server).

On the server I configured my elen APs and their shared keys (crom x.y.100.21 to x.y.100.31)

Then:

>>> I cannot find any Captive Portal Radius Accounting Record on the NPS (WinSrv Radius Server) Log.

>>> Counter-test: I did enable Radius Accounting on the Security/RadiusServer panel, using same Server Params, and started to see a lot of "CONNECT" entries coming from all my APs.... so my client>server radius accounting flow seems to be working, at least for the client connection to the AP ...

 

The Question.

1. Is Radius Accounting of Captive Portal Authentication/usage possible?

2. Which is the source IP address used by Caprive Portal Radius Accounting Client?

3. How to get it working?

 

Pls. send also a copy to fmolinelli@nesecon.com

Thanks a lot

Flavio.

 

Everyone's tags (1)
4 REPLIES
Community Member

Nobody interested in Captive

Nobody interested in Captive Portal Usage Accounting & Tracking with WAP 5x1?

 

Cisco Engineers, are you there?

 

 

Can you set port number for

Can you set port number for Radius Authentication and Accounting? 

Also can install a sniffer on the NPS und check if the packets are coming in (also check local firewall on the server is disabled)

Michael Please rate all helpful posts
Community Member

Hi ciscomax,first of all

Hi ciscomax,

first of all thank you for your reply!

 

1. No, on the WAP5x1 GUI it is not possiblle to set the port number for radius protocol. But My NPS is listening on standard ports 1812,1645 (Authentication) and 1813,1646 (Accounting)

In fact, as i wrote in my post, accounting flow is allowed from APs to the NPS server, when this flow is originated by the "radius security" feature of the WAPs:

------

>>> Counter-test: I did enable Radius Accounting on the Security/RadiusServer panel, using same Server Params, and started to see a lot of "CONNECT" entries coming from all my APs.... so my client>server radius accounting flow seems to be working, at least for the client connection to the AP ...

-------

What I don't see is the a-like accounting flow going from the WAPs to the NPS, when originated by the "captive portal instance radius accounting" feature. In this case source Ip/port and dest Ip/port should be the same as those used by the "radius security accounting feature" of the same WAPs

 

2. No, I didn't use any sniffer on th NPS, as radius flow seemed to be already enabled (see prev. answer)... nevertheless I'll try, as somehing interesting could alwqays arise from that !

I'll try that and post the answer ASAP

 

Anyway...  as far as you know, Radius accounting of Captive Portal User activity should work... or not?

 

Flavio

I never used this feature.

I never used this feature. Radius Accounting comes in on different ports: 1646 or 1813.

Check the local firewall of the NPS and install a sniffer in order to see if the packets arrive at the server.

Michael Please rate all helpful posts
310
Views
0
Helpful
4
Replies
CreatePlease to create content