HP 3500yl Series Access Security Manual page 283

Switch software

RADIUS Authentication, Authorization, and Accounting
VLAN Assignment in an Authentication Session

HP Switch(config)# show radius dyn-authorization

Status and Counters - RADIUS Dynamic Authorization Information

NAS Identifier : LAB-8212
Invalid Client Addresses (CoA-Reqs) : 0
Invalid Client Addresses (Disc-Reqs) : 0

                Disc     Disc     Disc     CoA      CoA      CoA
Client IP Addr  Reqs     ACKs     NAKs     Reqs     ACKs     NAKs
--------------- -------- -------- -------- -------- -------- --------
154.34.23.106   1        1        0        2        2        0
154.45.234.12   2        1        1        3        3        0

Figure 6-16. Example of Output for Dynamic Authorization Configuration

reports on terminated sessions. This attribute provides extended
information on the statistics provided by the acct-terminate-cause
attribute.

Change-of-Authorization (CoA) (RFC 3576: Dynamic Authorization
Extensions to RADIUS): A mechanism that allows a RADIUS server
to dynamically disconnect an active client session on the switch
(Disconnect Messages, DM) or change the authorization parameters
(such as VLAN assignment) used in it. The switch (NAS) does not
have to initiate the exchange.

For example, for security reasons you may want to limit the network
services granted to an authenticated user. In this case, you can change the
user profile on the RADIUS server and have the new authorization settings
take effect immediately in the active client session. The
Change-of-Authorization attribute provides the mechanism to dynamically
update an active client session with a new user policy that is sent in
RADIUS packets. See figures 6-16 and 6-17. See "3. Configure the Switch To
Access a RADIUS Server" on page 6-15 for configuration commands for
dynamic authorization.
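
Because the switch acts on CoA and Disconnect requests it did not initiate, the counters in Figure 6-16 are worth watching. The following is an added example, not part of the HP manual: a Python parser for output in that layout that reports non-zero "invalid client" counters, NAKed requests, and per-client counts that do not add up. The sample text, the function names, and the reading of the counters noted in the comments are assumptions.

```python
import re

# Constructed sample in the layout of Figure 6-16. The Disc-Reqs "invalid
# client" counter is changed from 0 to 4 so that every check has input.
SAMPLE = """\
NAS Identifier : LAB-8212
Invalid Client Addresses (CoA-Reqs) : 0
Invalid Client Addresses (Disc-Reqs) : 4
                Disc     Disc     Disc     CoA      CoA      CoA
Client IP Addr  Reqs     ACKs     NAKs     Reqs     ACKs     NAKs
--------------- -------- -------- -------- -------- -------- --------
154.34.23.106   1        1        0        2        2        0
154.45.234.12   2        1        1        3        3        0
"""

FIELDS = ("disc_reqs", "disc_acks", "disc_naks", "coa_reqs", "coa_acks", "coa_naks")
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})((?:\s+\d+){6})\s*$")
INVALID = re.compile(r"Invalid Client Addresses \((CoA|Disc)-Reqs\)\s*:\s*(\d+)")

def parse(text):
    """Return ({'CoA': n, 'Disc': n}, {client_ip: {field: count}})."""
    invalid, clients = {}, {}
    for line in text.splitlines():
        if m := INVALID.search(line):
            invalid[m.group(1)] = int(m.group(2))
        elif m := ROW.match(line):
            clients[m.group(1)] = dict(zip(FIELDS, map(int, m.group(2).split())))
    return invalid, clients

def findings(text):
    """List the counters an operator should look at; empty list means quiet."""
    invalid, clients = parse(text)
    out = []
    for kind, n in sorted(invalid.items()):
        if n:  # assumed meaning: sender is not a configured dyn-authorization client
            out.append(f"{n} {kind} request(s) from invalid client addresses")
    for ip, c in clients.items():
        for kind in ("disc", "coa"):
            reqs, acks, naks = (c[f"{kind}_{s}"] for s in ("reqs", "acks", "naks"))
            if naks:  # the switch refused a disconnect or authorization change
                out.append(f"{ip}: {naks} of {reqs} {kind} request(s) NAKed")
            if reqs != acks + naks:  # assumed invariant: every request is ACKed or NAKed
                out.append(f"{ip}: {kind} counters inconsistent ({reqs}/{acks}/{naks})")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)) or "no findings")
```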
6-49
