Radius Change Of Authorization - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 46
Configuring 802.1X Port-Based Authentication
RADIUS Change of Authorization
This section provides an overview of the RADIUS interface including available primitives and how they
are used during a Change of Authorization (CoA).
•
•
•
•
•
•
Overview
A standard RADIUS interface is typically used in a pulled model where the request originates from a
network attached device and the response come from the queried servers. Catalyst switches support the
RADIUS Change of Authorization (CoA) extensions defined in RFC 5176 that are typically used in a
pushed model and allow for the dynamic reconfiguring of sessions from external authentication,
authorization, and accounting (AAA) or policy servers.
The switch supports these per-session CoA requests:
•
•
•
•
The RADIUS interface is enabled by default on Catalyst switches.
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow
for session identification, host reauthentication, and session termination. The model is comprised of one
request (CoA-Request) and two possible response codes:
•
•
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the
switch that acts as a listener.
This section includes these topics:
•
•
•
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported
by the switch for session termination.
OL_28731-01
Overview, page 46-99
Change-of-Authorization Requests, page 46-99
CoA Request Response Code, page 46-100
CoA Request Commands, page 46-101
Session Reauthentication, page 46-102
Displaying 802.1X Statistics and Status, page 46-126
Session reauthentication
Session termination
Session termination with port shut down
Session termination with port bounce
CoA acknowledgement (ACK) [CoA-ACK]
CoA non-acknowledgement (NAK) [CoA-NAK]
CoA Request Response Code
CoA Request Commands
Session Reauthentication
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Controlling Switch Access with RADIUS
46-99
Advertisement
Chapters
Table of Contents
Troubleshooting
