6.11. Radius accounting

You can set up UserGate to update IP addresses of users based on the Radius servers that send the Radius accounting information. This may be convenient when integrating UserGate in ISP networks that assign dynamic IP addresses to users. To update user IP addresses, perform the following steps:

Name	Description
Step 1. Add a user to UserGate	Add the necessary local users to UserGate. Refer to the Users section.
Step 2. Allow the Authentication Agent service for the required zone	Go to Network-->Zones and select a zone to which interface you are going to receive Radius-accounting. Allow the Authorization agent service. For more details on how to set up zones, please refer to Configuring zones.
Step 3. Set up a password for the terminal service agent	Go to Terminal servers, click Settings and provide a password for the terminal service agent. This password will be used as the Radius secret when setting up a Radius server.
Step 4. Set up a Radius server	On the Radius server, set up sending of the Radius-accounting information to the UserGate server by specifying the IP address of the UserGate server as the server IP with UDP 1813 as the port. Provide the password specified for the terminal service in the previous step as the Radius secret. Set up the server to send a user name in the 'Radius User-Name (type=1)' attribute and the IP address in the 'Radius Framed-IP-Address (type=8)' attribute. For more details on setting up Radius, please refer to the documentation for your Radius server.

As a result, UserGate will be changing user IP addresses with the Radius-accounting addresses obtained from the server. Depending on the obtained information, UserGate will perform the following:

Name	Description
Step 1. A Radius server has sent a user name that does not exist in UserGate	UserGate responds 'Accounting reject' to the accounting request.
Step 2. A Radius server has sent a user name that exists in UserGate and provided 'Acct-Status-Type' = 'Start' or 'Interim-Update'	The obtained IP address will be assigned to the specified user. If the user already has another IP address, then the user will be assigned two or more IP addresses. If the user already has the same IP address, then no changes will be made. If this IP address is already assigned to another user, then this IP address will be removed from that user and assigned to the user specified in the request.
Step 3. A Radius server has sent a user name that exists in UserGate and provided 'Acct-Status-Type' = 'Stop'	The obtained IP address will be removed from the specified user.

Name

Description

Step 1. A Radius server has sent a user name that does not exist in UserGate

UserGate responds 'Accounting reject' to the accounting request.

Step 2. A Radius server has sent a user name that exists in UserGate and provided 'Acct-Status-Type' = 'Start' or 'Interim-Update'

The obtained IP address will be assigned to the specified user. If the user already has another IP address, then the user will be assigned two or more IP addresses.

If the user already has the same IP address, then no changes will be made.

If this IP address is already assigned to another user, then this IP address will be removed from that user and assigned to the user specified in the request.

Step 3. A Radius server has sent a user name that exists in UserGate and provided 'Acct-Status-Type' = 'Stop'

The obtained IP address will be removed from the specified user.

You are here

Search form

6.11. Radius accounting