151
Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
Radius COA Overview
A standard RADIUS interface is typically used in a pulled model where the request originates from a network attached
device and the response come from the queried servers. Catalyst switches support the RADIUS Change of Authorization
(CoA) extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic reconfiguring
of sessions from external authentication, authorization, and accounting (AAA) or policy servers.
The switch supports these per-session CoA requests:
Session reauthentication
Session termination
Session termination with port shutdown
Session termination with port bounce
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow for session
identification, host reauthentication, and session termination. The model is comprised of one request (CoA-Request) and
two possible response codes:
CoA acknowledgement (ACK) [CoA-ACK]
CoA non-acknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the switch that acts as a
listener.
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported by the switch
for session termination.
To Next Page
Loading...
