Coa Activate Service Command - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Information About RADIUS Change-of-Authorization
When a device with no supplicant, such as a printer, needs to acquire a new IP address (for example, after a
VLAN change), terminate the session on the host port with port-bounce (temporarily disable and then re-enable
the port).
CoA Activate Service Command
The CoA activate service command can be used to activate a service template on a session. The AAA server
sends the request in a standard CoA-Request message using the following VSAs:
Cisco:Avpair="subscriber:command=activate-service"
Cisco:Avpair="subscriber:service-name=<service-name>"
Cisco:Avpair="subscriber:precedence=<precedence-number>"
Cisco:Avpair="subscriber:activation-mode=replace-all"
Because this command is session-oriented, it must be accompanied by one or more of the session identification
attributes described in the Session Identification section below. If the device cannot locate a session, it returns
a CoA-NAK message with the "Session Context Not Found" error-code attribute. If the device locates a session,
it initiates an activate template operation for the hosting port and a CoA-ACK is returned. If activating the
template fails, a CoA-NAK message is returned with the Error-Code attribute set to the appropriate message.
If the device fails before returning a CoA-ACK to the client, the process is repeated on the new active device
when the request is re-sent from the client. If the device fails after returning a CoA-ACK message to the client
but before the operation is complete, the operation is restarted on the new active device.
Session Identification
For disconnect and CoA requests targeted at a particular session, the device locates the session based on one
or more of the following attributes:
• Acct-Session-Id (IETF attribute #44)
• Audit-Session-Id (Cisco VSA)
• Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
• IPv6 Attributes, which can be one of the following:
• Plain IP Address (IETF attribute #8)
If more than one session identification attribute is included in the message, all of the attributes must match
the session or the device returns a Disconnect-NAK or CoA-NAK with the error code "Invalid Attribute
Value."
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code "Invalid Attribute Value" if any of the above session identification attributes are included in the message.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
968
• Framed-IPv6-Prefix (IETF attribute #97) and Framed-Interface-Id (IETF attribute #96), which
together create a full IPv6 address per RFC 3162
• Framed-IPv6-Address
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
