Policy center fails to authenticate users from wireless network due to no accounting configuration

A customer installed an AC6005 with 2 APs, and configured portal authentication on Policy center, AR acted as gateway and had authentication configuration, so AC6605 only managed APs . At first end users can login SSID and access internet, but after a period, new users failed to login.
. 
The software version of policy center is V100R003.
This is the topology:

None

(1) Since at first end users can login SSID and pass portal authentication, so the route between the network device is OK, and the basic configuration should be OK.
(2) Login Policy center to check the login log. And found that there are many logs of “Identify authentication failed” for anonymous user.


(3) Check the license information, we found that the customer purchased license quantity of 200 users, but the used license quantity is 210. That is the cause that new users can’t pass portal authentication.

(4) But the customer replied that the concurrent users are much less than 200. We checked the radius online user, and found that too many users login from several days ago. The current date is 2015-04-12, but there are too many users still online since several days ago. The project is belongs a restaurant, so it’s impossible for so many users to be online for so many days. It’s abnormal.


(5) Check the configuration of AR2200, and found the accounting scheme is configured.

aaa authentication-scheme default authentication-scheme TSM   authentication-mode radius authorization-scheme default accounting-scheme default accounting-scheme TSM   accounting-mode radius   accounting realtime 6 domain default    authentication-scheme TSM   accounting-scheme TSM   radius-server TSM domain default_admin

(6) Check the accounting configuration in Policy Center.
Choose Access Control Policy > Access Device > Access Device Management > Device. And found that the account parameter is not configured.

In policy center, the accounting parameter is not configured, and the “real-time charging interval” should be same as that configured in AR. If not, policy center doesn’t know when the online user will be offline, so it just waits the session expired. That is why we can see so many users online, but many users are actually not online. Those users occupy the license item number, when the license number reaches the purchased license quantity, new users can’t login SSID with portal authentication.

In policy center, change the “Real-time charging interval” to same as that configured in AR.

After the change, the customer replied the issue had been resolved. Now new user can access SSID with portal authentication.

When you configure authentication parameter in policy center, don’t forget to configure “Real-time charging interval”, and the value should be same as that configured on interconnect device.