Cisco Catalyst 3750-E Software Configuration Manual page 250
Hide thumbs
Also See for Catalyst 3750-E:
- Getting started manual (27 pages) ,
- Product support bulletin (6 pages) ,
- Configuration handbook (359 pages)
Table of Contents
Advertisement
Controlling Switch Access with RADIUS
Session Identification
For disconnect and CoA requests targeted at a particular session, the switch locates the session based on
one or more of the following attributes:
•
•
•
Unless all session identification attributes included in the CoA message match the session, the switch
returns a Disconnect-NAK or CoA-NAK with the "Invalid Attribute Value" error-code attribute.
For disconnect and CoA requests targeted to a particular session, any one of the following session
identifiers can be used:
•
•
•
If more than one session identification attribute is included in the message, all the attributes must match
the session or the switch returns a Disconnect- negative acknowledgement (NAK) or CoA-NAK with the
error code "Invalid Attribute Value."
The packet format for a CoA Request code as defined in RFC 5176 consists of the fields: Code,
Identifier, Length, Authenticator, and Attributes in Type:Length:Value (TLV) format.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|
|
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-
The attributes field is used to carry Cisco VSAs.
CoA ACK Response Code
If the authorization state is changed successfully, a positive acknowledgement (ACK) is sent. The
attributes returned within CoA ACK will vary based on the CoA Request and are discussed in individual
CoA Commands.
CoA NAK Response Code
A negative acknowledgement (NAK) indicates a failure to change the authorization state and can include
attributes that indicate the reason for the failure. Use show commands to verify a successful CoA.
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
9-22
Calling-Station-Id (IETF attribute #31 which contains the host MAC address)
Audit-Session-Id (Cisco VSA)
Acct-Session-Id (IETF attribute #44)
Calling-Station-ID (IETF attribute #31, which should contain the MAC address)
Audit-Session-ID (Cisco vendor-specific attribute)
Accounting-Session-ID (IETF attribute #44).
0
1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Code
|
Identifier
Attributes ...
Chapter 9
2
|
Length
Authenticator
Configuring Switch-Based Authentication
3
|
|
|
|
|
OL-9775-08
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
