Coa Session Terminate Command - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Information About RADIUS Change-of-Authorization
CoA Session Terminate Command
A CoA Disconnect-Request command terminates a session without disabling the host port. This command
causes reinitialization of the authenticator state machine for the specified host, but does not restrict the host's
access to the network. If the session cannot be located, the device returns a Disconnect-NAK message with
the "Session Context Not Found" error-code attribute. If the session is located, the device terminates the
session. After the session has been completely removed, the device returns a Disconnect-ACK.
If the device fails before returning a CoA-ACK to the client, the process is repeated on the new active device
when the request is re-sent from the client.
To restrict a host's access to the network, use a CoA Request with the
Cisco:Avpair="subscriber:command=disable-host-port" VSA. This command is useful when a host is known
to cause problems on the network and network access needs to be immediately blocked for the host. When
you want to restore network access on the port, reenable it using a non-RADIUS mechanism.
Stacking Guidelines for Session Termination
No special handling is required for CoA Disconnect-Request messages in a switch stack.
Stacking Guidelines for CoA-Request Bounce-Port
Because the bounce-port command is targeted at a session, not a port, if the session is not found, the command
cannot be executed.
When the Auth Manager command handler on the stack master receives a valid bounce-port command, it
checkpoints the following information before returning a CoA-ACK message:
• the need for a port-bounce
• the port-id (found in the local session context)
The switch initiates a port-bounce (disables the port for 10 seconds, then re-enables it).
If the port-bounce is successful, the signal that triggered the port-bounce is removed from the standby stack
master.
If the stack master fails before the port-bounce completes, a port-bounce is initiated after stack master
change-over based on the original command (which is subsequently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent command
as a new command.
Stacking Guidelines for CoA-Request Disable-Port
Because the disable-port command is targeted at a session, not a port, if the session is not found, the command
cannot be executed.
When the Auth Manager command handler on the stack master receives a valid disable-port command, it
verifies this information before returning a CoA-ACK message:
• the need for a port-disable
• the port-id (found in the local session context)
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
972
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
