49-98
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow for session identification,
host reauthentication, and session termination. The model is comprised of one request (CoA-Request) and two possible
response codes:
• CoA acknowledgement (ACK) [CoA-ACK]
• CoA non-acknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the switch that acts as a listener.
This section includes these topics:
• CoA Request Response Code
• CoA Request Commands
• Session Reauthentication
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported by the switch for
session termination.
Table 49-2 shows the IETF attributes are supported for this feature.
Table 49-3 shows the possible values for the Error-Cause attribute.
Table 49-2 Supported IETF Attributes
Attribute Number Attribute Name
24 State
31 Calling-Station-ID
44 Acct-Session-ID
80 Message-Authenticator
101 Error-Cause
Table 49-3 Error-Cause Values
Value Explanation
201 Residual Session Context Removed
202 Invalid EAP Packet (Ignored)
401 Unsupported Attribute
402 Missing Attribute
403 NAS Identification Mismatch
404 Invalid Request
405 Unsupported Service
406 Unsupported Extension
407 Invalid Attribute Value
501 Administratively Prohibited
To Next Page
Loading...
Need help?
General
