Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
RADIUS CoA Overview
A standard RADIUS interface is typically used in a pulled model where the request originates from a network-attached
device and the response comes from the queried servers. Catalyst switches support the RADIUS Change of Authorization
(CoA) extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic reconfiguring
of sessions from external authentication, authorization, and accounting (AAA) or policy servers.
The switch supports these per-session CoA requests:
Session reauthentication
Session termination
Session termination with port shutdown
Session termination with port bounce
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow for session
identification, host reauthentication, and session termination. The model consists of one request (CoA-Request) and
two possible response codes:
CoA acknowledgement (ACK) [CoA-ACK]
CoA non-acknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the switch that acts as a
listener.
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported by the switch
for session termination.
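Because the switch is a listener that acts on pushed requests, the check that matters is whether a CoA-Request or Disconnect-Request really comes from a holder of the shared secret. The following is an added example, not Cisco code, of the RFC 5176 request and response authenticator computation and the ACK/NAK decision. The function names, the use of Acct-Session-Id for session identification, and the secret and session values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# RFC 5176 packet codes: request -> (ACK, NAK)
DISCONNECT_REQUEST, COA_REQUEST = 40, 43
REPLIES = {DISCONNECT_REQUEST: (41, 42), COA_REQUEST: (44, 45)}
ACCT_SESSION_ID, ERROR_CAUSE = 44, 101   # RADIUS attribute types
SESSION_CONTEXT_NOT_FOUND = 503          # Error-Cause value

def attr(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(code, ident, attrs, secret):
    """Client side: authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def session_ids(attrs):
    """Yield every Acct-Session-Id value in an attribute block."""
    while len(attrs) >= 2 and 2 <= attrs[1] <= len(attrs):
        if attrs[0] == ACCT_SESSION_ID:
            yield attrs[2:attrs[1]]
        attrs = attrs[attrs[1]:]

def listener_reply(packet, secret, active_sessions):
    """Listener side: return the reply packet, or None when the request is dropped."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in REPLIES or not 20 <= length <= len(packet):
        return None
    req_auth, attrs = packet[4:20], packet[20:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    if not hmac.compare_digest(req_auth, expected):
        return None  # wrong shared secret or modified in transit: no reply
    ack, nak = REPLIES[code]
    known = any(sid in active_sessions for sid in session_ids(attrs))
    body = b"" if known else attr(ERROR_CAUSE, struct.pack("!I", SESSION_CONTEXT_NOT_FOUND))
    header = struct.pack("!BBH", ack if known else nak, ident, 20 + len(body))
    # Response authenticator binds the reply to the request authenticator.
    return header + hashlib.md5(header + req_auth + body + secret).digest() + body

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
SESSIONS = {b"0A0000010000001F"}
```

The authenticator is a keyed MD5 over the packet, so its strength rests entirely on the shared secret; restricting which source addresses may send CoA traffic to the switch is a separate control this example does not model.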