Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
RADIUS Change of Authorization
This section provides an overview of the RADIUS interface, including the available primitives and how
they are used during a Change of Authorization (CoA).
• Overview
• Change-of-Authorization Requests
• CoA Request Response Code
• CoA Request Commands
• Session Reauthentication
• Displaying 802.1X Statistics and Status
Overview
A standard RADIUS interface is typically used in a pulled model, where the request originates from a
network-attached device and the response comes from the queried servers. Catalyst switches support the
RADIUS Change of Authorization (CoA) extensions defined in RFC 5176, which are typically used in a
pushed model and allow external authentication, authorization, and accounting (AAA) or policy servers
to dynamically reconfigure sessions.
The switch supports these per-session CoA requests:
• Session reauthentication
• Session termination
• Session termination with port shut down
• Session termination with port bounce
The RADIUS interface is enabled by default on Catalyst switches.
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow
for session identification, host reauthentication, and session termination. The model consists of one
request (CoA-Request) and two possible response codes:
• CoA acknowledgement (ACK) [CoA-ACK]
• CoA non-acknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the
switch that acts as a listener.
This section includes these topics:
• CoA Request Response Code
• CoA Request Commands
• Session Reauthentication
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported
by the switch for session termination.
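Because the switch acts as a listener for pushed requests, the authenticity of each CoA-Request or Disconnect-Request rests on the RADIUS shared secret. The following is an added example, not Cisco code and not part of the original guide, showing how a receiver validates the RFC 5176 Request Authenticator before acting on a request; it goes beyond the text above by using the packet codes and authenticator formula from RFC 5176. The function names, shared secret, and sample packet are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes defined in RFC 5176 (dynamic authorization)
RFC5176_CODES = {
    40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
    43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK",
}

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + ID + Length + 16 zero octets + attributes + secret), RFC 5176 section 2.3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def check_request(packet, secret):
    """Return (message name, verdict) for a datagram received by a CoA listener."""
    if len(packet) < 20:
        return None, "drop: shorter than the 20-octet RADIUS header"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    name = RFC5176_CODES.get(code)
    if code not in (40, 43):
        return name, "drop: not a CoA-Request or Disconnect-Request"
    if length < 20 or length > len(packet):
        return name, "drop: Length field does not match the datagram"
    attrs = packet[20:length]  # octets beyond Length are padding and are ignored
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):  # constant-time comparison
        return name, "drop: Request Authenticator mismatch"
    return name, "accept"

def build_sample(code, ident, attrs, secret):
    """Constructed test input only: a well-formed request signed with `secret`."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

if __name__ == "__main__":
    secret = b"example-shared-secret"        # constructed value
    user_name = bytes([1, 7]) + b"alice"      # User-Name attribute (type 1), constructed
    good = build_sample(43, 7, user_name, secret)
    print(check_request(good, secret))                # valid CoA-Request
    print(check_request(good, b"other-secret"))       # sender used a different secret
    print(check_request(good[:-1] + b"X", secret))    # attribute altered in transit
```

A request that fails this check should never reach session handling, which is why the shared secret configured for each CoA client deserves the same protection as any other administrative credential.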