6-46
RADIUS Authentication, Authorization, and Accounting
VLAN Assignment in an Authentication Session
tion parameters (such as VLAN assignment) used in an active client
session on the switch. The switch (NAS) does not have to initiate the
exchange.
For example, for security reasons you may want to limit the network
services granted to an authenticated user. In this case, you can change the
user profile on the RADIUS server and have the new authorization settings
take effect immediately in the active client session. The Change-of-Autho-
rization attribute provides the mechanism to dynamically update an active
client session with a new user policy that is sent in RADIUS packets. See
figures 6-16 and 6-17. See “3. Configure the Switch To Access a RADIUS
Server” on page 6-14 for configuration commands for dynamic authoriza-
tion.
Figure 6-16. Example of Output for Dynamic Authorization Configuration
HP Switch(config)# show radius dyn-authorization
Status and Counters - RADIUS Dynamic Authorization Information
NAS Identifier : LAB-8212
Invalid Client Addresses (CoA-Reqs) : 0
Invalid Client Addresses (Disc-Reqs) : 0
Disc Disc Disc CoA CoA CoA
Client IP Addr Reqs ACKs NAKs Reqs ACKs NAKs
--------------- -------- -------- -------- -------- -------- --------
154.34.23.106 1 1 0 2 2 0
154.45.234.12 2 1 1 3 3 0
To Next Page
Loading...
