Radius Change Of Authorization - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Controlling Switch Access with RADIUS
The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or
network authorization. Users must first successfully complete RADIUS authentication before
proceeding to RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or
REJECT packets includes these items:
•
•
RADIUS Change of Authorization
To use this feature, the switch must be running the LAN Base image.
This section provides an overview of the RADIUS interface including available primitives and how they
are used during a Change of Authorization (CoA).
•
•
•
•
•
•
Overview
A standard RADIUS interface is typically used in a pulled model where the request originates from a
network attached device and the response come from the queried servers. Catalyst switches support the
RADIUS Change of Authorization (CoA) extensions defined in RFC 5176 that are typically used in a
pushed model and allow for the dynamic reconfiguring of sessions from external authentication,
authorization, and accounting (AAA) or policy servers.
Beginning with Cisco IOS Release 12.2(52)SE, the switch supports these per-session CoA requests:
•
•
•
•
This feature is integrated with the Cisco Secure Access Control Server (ACS) 5.1. For information about
ACS:
http://www.cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html
The RADIUS interface is enabled by default on Catalyst switches. However, some basic configuration
is required for these attributes:
•
•
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
9-20
Telnet, SSH, rlogin, or privileged EXEC services
Connection parameters, including the host or client IP address, access list, and user timeouts
Overview, page 9-20
Change-of-Authorization Requests, page 9-21
CoA Request Response Code, page 9-22
CoA Request Commands, page 9-23
Session Reauthentication, page 9-23
Stacking Guidelines for Session Termination, page 9-25
Session reauthentication
Session termination
Session termination with port shutdown
Session termination with port bounce
Security and Password—See the
"Configuring Switch-Based Authentication" chapter in the Catalyst 3750 Switch Software
Configuration Guide, Cisco Release 12.2(50)SE.
Accounting—See the
"Starting RADIUS Accounting"
Authentication" chapter in the Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE.
Chapter 9
"Preventing Unauthorized Access to Your Switch"
section in the "Configuring Switch-Based
Configuring Switch-Based Authentication
section in the
OL-26520-01
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
