Session Identification - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Information About RADIUS Change-of-Authorization
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|
|
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Attributes ...
+-+-+-+-+-+-+-+-+-+-+-+-+-
The attributes field is used to carry Cisco vendor-specific attributes (VSAs).
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code "Invalid Attribute Value" if any of the above session identification attributes are included in the message.
Session Identification
For disconnect and CoA requests targeted at a particular session, the device locates the session based on one
or more of the following attributes:
• Acct-Session-Id (IETF attribute #44)
• Audit-Session-Id (Cisco VSA)
• Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
• IPv6 Attributes, which can be one of the following:
• Plain IP Address (IETF attribute #8)
If more than one session identification attribute is included in the message, all of the attributes must match
the session or the device returns a Disconnect-NAK or CoA-NAK with the error code "Invalid Attribute
Value."
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code "Invalid Attribute Value" if any of the above session identification attributes are included in the message.
CoA ACK Response Code
If the authorization state is changed successfully, a positive acknowledgment (ACK) is sent. The attributes
returned within CoA ACK will vary based on the CoA Request and are discussed in individual CoA Commands.
CoA NAK Response Code
A negative acknowledgment (NAK) indicates a failure to change the authorization state and can include
attributes that indicate the reason for the failure. Use show commands to verify a successful CoA.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
966
Code
|
Identifier
Authenticator
• Framed-IPv6-Prefix (IETF attribute #97) and Framed-Interface-Id (IETF attribute #96), which
together create a full IPv6 address per RFC 3162
• Framed-IPv6-Address
|
Length
|
|
|
|
|
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
