Hello once again,
Thank you for your help in resolving this problem. I have counters increasing now after defining Max-Daily-Session for DEFAULT user in the users file like below and adding the line aaa accounting dot1x default start-stop group radius suggested by Alan Buxey to config on my Cisco 2960 switch NAS. DEFAULT Service-Type == Login-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Max-Daily-Session = 240, I found the following in the log ### Debug log ### rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'clare' rlm_counter: Key Found. rlm_counter: Check item = 240, Count = 2386 rlm_counter: Rejected user clare, check_item=240, counter=2386 modcall[authorize]: module "daily" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Invalid user (rlm_counter: Maximum hourly usage time reached): [clare] (from client C2960_NOC_LAN1 port 50009 cli 00-1E-33-D5-7A-68) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 230 to 10.1.5.4 port 1645 Reply-Message = "Your maximum hourly usage time has been reached" I realise user clare is rejected only when user login after cable is unplugged and plugged back into the computer. What it means is that when a user login and is granted access, user's counter keeps increasing beyond the Max-Daily-Session until cable is unplugged from the computer.When cable is plugged back into the computer and user is prompted to login, user is rejected because he/she has exceeded the maximum daily session. What I want to achieve is to get user session disconnected/timeout automatically while cable is still plugged in and user reaching his/her maximum daily session set for the day. I hope it is possible to do :) I have the following config on my NAS- Cisco 2960 switch aaa authentication login default group radius local aaa authentication dot1x default group radius aaa authorization exec default group radius if-authenticated aaa authorization network default group radius aaa accounting suppress null-username aaa accounting session-duration ntp-adjusted aaa accounting update newinfo periodic 1 aaa accounting dot1x default start-stop group radius aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa accounting connection default start-stop group radius aaa accounting resource default start-stop-failure group radius interface FastEthernet0/9 switchport access vlan 6 switchport mode access authentication host-mode multi-auth authentication port-control auto authentication periodic authentication timer reauthenticate 60 authentication violation protect dot1x pae both dot1x max-req 3 spanning-tree portfast
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html