EasyManuals Logo

Cisco Catalyst 2960 Series User Manual

Cisco Catalyst 2960 Series
2288 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1053 background imageLoading...
Page #1053 background image
Session Identification
For disconnect and CoA requests targeted at a particular session, the device locates the session based on one
or more of the following attributes:
Acct-Session-Id (IETF attribute #44)
Audit-Session-Id (Cisco VSA)
Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
IPv6 Attributes, which can be one of the following:
Framed-IPv6-Prefix (IETF attribute #97) and Framed-Interface-Id (IETF attribute #96), which
together create a full IPv6 address per RFC 3162
Framed-IPv6-Address
Plain IP Address (IETF attribute #8)
If more than one session identification attribute is included in the message, all of the attributes must match
the session or the device returns a Disconnect-NAK or CoA-NAK with the error code Invalid Attribute
Value.
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code Invalid Attribute Value if any of the above session identification attributes are included in the message.
CoA Session Reauthenticate Command
To initiate session authentication, the AAA server sends a standard CoA-Request message containing the
following VSAs:
Cisco:Avpair=subscriber:command=reauthenticate
Cisco:Avpair=subscriber:reauthenticate-type=<last | rerun>
reauthenticate-type defines whether the CoA reauthentication request uses the authentication method that
last succeeded on the session or whether the authentication process is completely rerun.
The following rules apply:
subscriber:command=reauthenticate must be present to trigger a reauthentication.
If subscriber:reauthenticate-type is not specified, the default behavior is to rerun the last successful
authentication method for the session. If the method reauthenticates successfully, all old authorization
data is replaced with the new reauthenticated authorization data.
subscriber:reauthenticate-type is valid only when included with subscriber:command=reauthenticate.
If it is included in another CoA command, the VSA will be silently ignored.
If the device fails before returning a CoA-ACK to the client, the process is repeated on the new active device
when the request is resent from the client. If the device fails after returning a CoA-ACK message to the client
but before the operation is complete, the operation is restarted on the new active device.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
971
Information About RADIUS Change-of-Authorization

Table of Contents

Other manuals for Cisco Catalyst 2960 Series

Preview: Datasheet
Datasheet21 pages
Preview: Brochure & Specs
Brochure & Specs10 pages
Preview: Product Bulletin
Product Bulletin5 pages
Preview: Specifications
Specifications2 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960 Series and is the answer not in the manual?

Cisco Catalyst 2960 Series Specifications

General IconGeneral
LayerLayer 2
Power over Ethernet (PoE)Available on some models
RAM128 MB
Flash Memory32 MB
MAC Address Table Size8000
Operating Temperature0°C to 45°C (32 to 113°F)
Ports24 or 48 x 10/100/1000

Related product manuals