EasyManua.ls Logo

Cisco 3032 - Page 210

Cisco 3032
1354 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
7-22
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 7 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Preconditions
To use the CoA interface, a session must already exist on the switch. CoA can be used to identify a
session and enforce a disconnect request. The update affects only the specified session.
CoA Request Response Code
The CoA Request response code can be used to convey a command to the switch. The supported
commands are listed in Table 7-4 on page 7-23.
Session Identification
For disconnect and CoA requests targeted at a particular session, the switch locates the session based on
one or more of the following attributes:
Calling-Station-Id (IETF attribute #31 which contains the host MAC address)
Audit-Session-Id (Cisco VSA)
Acct-Session-Id (IETF attribute #44)
Unless all session identification attributes included in the CoA message match the session, the switch
returns a Disconnect-NAK or CoA-NAK with the “Invalid Attribute Value” error-code attribute.
For disconnect and CoA requests targeted to a particular session, any one of the following session
identifiers can be used:
Calling-Station-ID (IETF attribute #31, which should contain the MAC address)
Audit-Session-ID (Cisco vendor-specific attribute)
Accounting-Session-ID (IETF attribute #44).
If more than one session identification attribute is included in the message, all the attributes must match
the session or the switch returns a Disconnect- negative acknowledgement (NAK) or CoA-NAK with the
error code “Invalid Attribute Value.
The packet format for a CoA Request code as defined in RFC 5176 consists of the fields: Code,
Identifier, Length, Authenticator, and Attributes in Type:Length:Value (TLV) format.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Authenticator |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attributes ...
+-+-+-+-+-+-+-+-+-+-+-+-+-
The attributes field is used to carry Cisco VSAs.
CoA ACK Response Code
If the authorization state is changed successfully, a positive acknowledgement (ACK) is sent. The
attributes returned within CoA ACK will vary based on the CoA Request and are discussed in individual
CoA Commands.

Table of Contents

Related product manuals