Configuring Packet Of Disconnect - Cisco M10-RM Software Manual

Configuring and Enabling RADIUS
Beginning in privileged EXEC mode, follow these steps to specify RADIUS authorization for privileged
EXEC access and network services:
Command
Step 1 configure terminal
Step 2
aaa authorization network radius
Step 3
aaa authorization exec radius
Step 4
end
Step 5
show running-config
Step 6 copy running-config startup-config
To disable authorization, use the no aaa authorization {network | exec} method1 global configuration
command.

Configuring Packet of Disconnect

Packet of Disconnect (PoD) is also known as Disconnect Message. Additional information on PoD can
be found in the Internet Engineering Task Force (IETF) Internet Standard RFC 3576
Packet of Disconnect consists of a method of terminating a session that has already been connected. The
PoD is a RADIUS Disconnect_Request packet and is intended to be used in situations where the
authenticating agent server wants to disconnect the user after the session has been accepted by the
RADIUS access_accept packet. This may be needed in at least two situations:
•
•
When a session is terminated, the RADIUS server sends a disconnect message to the Network Access
Server (NAS); an access point or WDS. For 802.11 sessions, the Calling-Station-ID [31] RADIUS
attribute (the MAC address of the client) must be supplied in the Pod request. The access point or WDS
attempts to disassociate the relevant session and then sends a disconnect response message back to the
RADIUS server. The message types are as follows:
•
•
•
Refer to your RADIUS server application documentation for instructions on how to configure PoD
Note
requests.
The access point does not block subsequent attempts by the client to reassociate. It is the responsibility
Note
of the security administrator to disable the client account before issuing a PoD request.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
13-12
Purpose
Enter global configuration mode.
Configure the access point for user RADIUS authorization for all
network-related service requests.
Configure the access point for user RADIUS authorization to determine if
the user has privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Detection of fraudulent use, which cannot be performed before accepting the call.
Disconnecting hot spot users when their prepaid access time has expired.
40—Disconnect-Request
41—Disconnect—ACK
42—Disconnect—NAK
Chapter 13 Configuring RADIUS and TACACS+ Servers
OL-14209-01