This document describes Meraki’s support for interim accounting messages when using a Sign-on Splash page and a RADIUS accounting server. Meraki’s implementation follows the IETF’s RFC 2869 standard.
External Captive Portal
Customers may use a Custom Splash Page with a Sign-on to validate their network users using RADIUS. The access point will redirect the client to the captive portal hosted on the customer’s server. Using the external captive portal API (EXCAP), the splash page will return the user’s credentials to the Meraki Cloud, and the Meraki Cloud will authenticate with the customer’s RADIUS server. After the initial login, the Meraki Cloud will send interim updates to a RADIUS accounting server. These messages allow the accounting server to accurately keep track of a user’s data usage and time connected.
Meraki Cloud-hosted Sign-on Splash
Customers may choose to use the Meraki Splash page Sign-on with their RADIUS. Using Splash authentication, the access point will redirect the client to the splash page hosted on the Meraki Cloud. After the client enters their login credentials, the Meraki Cloud will authenticate to the customer’s RADIUS server. After the initial login, the Meraki Cloud will send interim updates to a RADIUS accounting server. These messages allow the accounting server to accurately keep track of a user’s data usage and time connected.
Enable Interim Updates
RADIUS Server Configuration
To enable RADIUS interim updates for a Splash user, the RADIUS accounting server should include the Acct-Interim-Interval attribute in the Access-Accept response to the Access-Request. If the Acct-Interim-Interval attribute is absent, no interim updates will be sent.
The approximate update interval, in seconds, will equal the value of the Acct-Interim-Interval attribute if set. The minimum interval is 300 seconds (5 minutes), and a lower value will be coerced to the minimum.
The interim update message will contain the same data sent in an accounting stop message except the Acct-Terminate-Cause attribute will not be included. The data-usage accounting values may be up to 2 minutes delayed when compared to the message’s event timestamp.
In order to support interim updates for Sign-on Splash, RADIUS accounting must be enabled on the SSID’s Access Control page. The Meraki Cloud will automatically be configured to send interim accounting messages. For more information please refer to the article Configuring RADIUS Authentication with a Sign-on Splash Page.