9-21
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 9 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow
for session identification, host reauthentication, and session termination. The model is comprised of one
request (CoA-Request) and two possible response codes:
• CoA acknowledgement (ACK) [CoA-ACK]
• CoA non-acknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the
switch that acts as a listener.
This section includes these topics:
• CoA Request Response Code
• CoA Request Commands
• Session Reauthentication
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported
by the switch for session termination.
Table 9-2 shows the IETF attributes are supported for this feature.
Table 9-3 shows the possible values for the Error-Cause attribute.
Table 9-2 Supported IETF Attributes
Attribute Number Attribute Name
24 State
31 Calling-Station-ID
44 Acct-Session-ID
80 Message-Authenticator
101 Error-Cause
Table 9-3 Error-Cause Values
Value Explanation
201 Residual Session Context Removed
202 Invalid EAP Packet (Ignored)
401 Unsupported Attribute
402 Missing Attribute
403 NAS Identification Mismatch
404 Invalid Request
405 Unsupported Service
406 Unsupported Extension
407 Invalid Attribute Value
To Next Page
Loading...
