Security Commands 907
The administrator can configure whether all or any of the session attributes
are used to identify a client session. If all is configured, all session
identification attributes included in the CoA Disconnect-Request must
match a session or the device returns a Disconnect-NAK or CoA-NAK with
the “Invalid Attribute Value” error-code attribute.
Dell EMC Networking supports the following attributes in responses:
• State (IETF attribute #24)
• Calling-Station-ID (IETF attribute #31)
• Acct-Session-ID (IETF attribute #44)
• Message-Authenticator (IETF attribute #80)
• Error-Cause (IETF attribute #101)
A CoA NAK message is not sent for all CoA requests with a key mismatch.
The message is sent only for the first three requests for a client. After that, all
the packets from that client are dropped. When there is a key mismatch, the
response authenticator sent with the CoA NAK message is calculated from a
dummy key value.
The Dell EMC Networking switch starts listening to the client again based on
re-authentication timer.
Refer to the RADIUS Change of Authorization section in the Users
Configuration Guide for examples of configuring RADIUS CoA.
Commands in this Section
This section explains the following commands:
acct-port primary radius-server source-ip
attribute 6 priority radius-server source-
interface
attribute 8 radius-server attribute 4 radius-server timeout
attribute 25 radius-server attribute 6 retransmit
attribute 31 radius-server attribute 8 show aaa servers
authentication event fail
retry
radius-server attribute 25 show radius statistics
To Next Page
Loading...
