Table of Contents
Advertisement
This implies that the client can connect from any port and be assigned to the
appropriate VLAN, which may be already configured on an uplink interface.
This gives flexibility for clients to move around the network with out
requiring the operator to perform additional provisioning for each network
interface.
RADIUS Change of Authorization
Dell EMC Networking supports the Change of Authorization Disconnect -
Request per RFC 3575. The Dell EMC Networking switch listens for the
Disconnect-Request on UDP port 3799. The Disconnect-Request identifies
the user session to be terminated using the following attributes:
•
State (IETF attribute #24)
•
Acct-Session-Id (IETF attribute #44)
•
Calling-Station-Id (IETF attribute #31, which contains the host MAC
address)
The following messages from RFC 3575 are supported:
•
40 - Disconnect-Request
•
41 - Disconnect-ACK
•
42 - Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, CoA Disconnect-Request termination causes re-
initialization of the authenticator state machine for the specified host. MAC
port control can be enabled for 802.1x sessions. In this case, if the RADIUS
server issues a disconnect request and subsequently does not authorize the
MAC address to access network resources, the host is effectively denied
network access.
If the session cannot be located, the device returns a Disconnect-NAK
message with the "Session Context Not Found" error-code attribute. If the
session is located, the device terminates the session. After the session has
been completely removed, the device returns a Disconnect-ACK message.
The attributes returned within a CoA ACK can vary based on the CoA
Request.
Security Commands
906
Advertisement
Table of Contents
