Chapter 9
Configuring Switch-Based Authentication
This feature is integrated with the Cisco Secure Access Control Server (ACS) 5.1. For information about
ACS:
http://www.cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html
The RADIUS interface is enabled by default on Catalyst switches. However, some basic configuration
is required for these attributes:
•
•
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow
for session identification, host reauthentication, and session termination. The model is comprised of one
request (CoA-Request) and two possible response codes:
•
•
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the
switch that acts as a listener.
This section includes these topics:
•
•
•
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported
by the switch for session termination.
Table 9-2
Table 9-2
Attribute Number
24
31
44
80
101
Table 9-3
OL-19720-02
Security and Password—See the
"Configuring Switch-Based Authentication" chapter in the Catalyst 3750 Switch Software
Configuration Guide, Cisco Release 12.2(50)SE.
Accounting—See the
"Starting RADIUS Accounting"
Authentication" chapter in the Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE.
CoA acknowledgement (ACK) [CoA-ACK]
CoA non-acknowledgement (NAK) [CoA-NAK]
CoA Request Response Code
CoA Request Commands
Session Reauthentication
shows the IETF attributes are supported for this feature.
Supported IETF Attributes
Attribute Name
State
Calling-Station-ID
Acct-Session-ID
Message-Authenticator
Error-Cause
shows the possible values for the Error-Cause attribute.
"Preventing Unauthorized Access to Your Switch"
section in the "Configuring Switch-Based
Catalyst 2975 Switch Software Configuration Guide
Controlling Switch Access with RADIUS
section in the
9-21