Table 95: RADIUS CoA Commands Supported by Identity-Based Networking Services
Cisco VSACoA Command
Cisco:Avpair=“subscriber:command=activate-service”
Cisco:Avpair=“subscriber:service-name=<service-name>”
Cisco:Avpair=“subscriber:precedence=<precedence-number>”
Cisco:Avpair=“subscriber:activation-mode=replace-all”
Activate service
Cisco:Avpair=“subscriber:command=deactivate-service”
Cisco:Avpair=“subscriber:service-name=<service-name>”
Deactivate service
Cisco:Avpair=“subscriber:command=bounce-host-port”
Bounce host port
Cisco:Avpair=“subscriber:command=disable-host-port”
Disable host port
Cisco:Avpair=“subscriber:command=session-query”
Session query
Cisco:Avpair=“subscriber:command=reauthenticate”
Cisco:Avpair=“subscriber:reauthenticate-type=last” or
Cisco:Avpair=“subscriber:reauthenticate-type=rerun”
Session reauthenticate
This is a standard disconnect request and does not require a VSA.Session terminate
Cisco:AVpair="interface-template-name=<interfacetemplate>"
Interface template
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow for
session identification, host reauthentication, and session termination. The model is comprised of one request
(CoA-Request) and two possible response codes:
•
CoA acknowledgment (ACK) [CoA-ACK]
•
CoA non-acknowledgment (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the switch
that acts as a listener.
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported by
the switch for session termination.
This table shows the IETF attributes are supported for this feature.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
963
Information About RADIUS Change-of-Authorization
To Next Page
Loading...
Need help?
General
