Radius Operation; Radius Change Of Authorization - Cisco Catalyst 3750-X Software Configuration Manual

Hide thumbs Also See for Catalyst 3750-X:

Table of Contents

Configuring Switch-Based Authentication

RADIUS Operation

When a user attempts to log in and authenticate to a switch that is access controlled by a RADIUS server,

these events occur:

The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or

network authorization. Users must first successfully complete RADIUS authentication before

proceeding to RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or

REJECT packets includes these items:

This section provides an overview of the RADIUS interface including available primitives and how they

are used during a Change of Authorization (CoA).

Transitioning from RADIUS to TACACS+ Services

The user is prompted to enter a username and password.

The username and encrypted password are sent over the network to the RADIUS server.

The user receives one of these responses from the RADIUS server:

ACCEPT—The user is authenticated.

REJECT—The user is either not authenticated and is prompted to re-enter the username and

password, or access is denied.

CHALLENGE—A challenge requires additional data from the user.

CHALLENGE PASSWORD—A response requests the user to select a new password.

Telnet, SSH, rlogin, or privileged EXEC services

Connection parameters, including the host or client IP address, access list, and user timeouts

Change-of-Authorization Requests, page 10-20

CoA Request Response Code, page 10-21

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

Controlling Switch Access with RADIUS

Show Quick Links

Table of Contents

Catalyst 3560-x