Change-Of-Authorization Requests; Coa Request Response Code; Coa Request Commands - Cisco Catalyst 3750-X Software Configuration Manual
Hide thumbs
Also See for Catalyst 3750-X:
- Command reference manual (1244 pages) ,
- Message manual (150 pages) ,
- Getting started manual (22 pages)
Table of Contents
Advertisement
Controlling Switch Access with RADIUS
•
•
•
A standard RADIUS interface is typically used in a pulled model where the request originates from a
network attached device and the response come from the queried servers. Catalyst switches support the
RADIUS Change of Authorization (CoA) extensions defined in RFC 5176 that are typically used in a
pushed model and allow for the dynamic reconfiguring of sessions from external authentication,
authorization, and accounting (AAA) or policy servers.
Beginning with Cisco IOS Release 12.2(52)SE, the switch supports these per-session CoA requests:
•
•
•
•
This feature is integrated with the Cisco Secure Access Control Server (ACS) 5.1. For information about
ACS, refer to:
The RADIUS interface is enabled by default on Catalyst switches. However, some basic configuration
is required for the following attributes:
•
•
Change-of-Authorization Requests
Change of Authorization (CoA) requests, as described in RFC 5176, are used in a push model to allow
for session identification, host reauthentication, and session termination. The model is comprised of one
request (CoA-Request) and two possible response codes:
•
•
The request is initiated from a CoA client (typically a RADIUS or policy server) and directed to the
switch that acts as a listener.
This section includes these topics:
•
•
•
RFC 5176 Compliance
The Disconnect Request message, which is also referred to as Packet of Disconnect (POD), is supported
by the switch for session termination.
Table 10-2
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
10-20
CoA Request Commands, page 10-22
Session Reauthentication, page 10-23
Stacking Guidelines for Session Termination, page 10-25
Session reauthentication
Session termination
Session termination with port shutdown
Session termination with port bounce
http://cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html
Security and Password—refer to the
the Configuring Switch-Based Authentication chapter in the Catalyst 3750 Switch Software
Configuration Guide, 12.2(50)SE.
Accounting—refer to the
"Starting RADIUS Accounting"
Authentication chapter in the Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE.
CoA acknowledgement (ACK) [CoA-ACK]
CoA non-acknowledgement (NAK) [CoA-NAK]
CoA Request Response Code
CoA Request Commands
Session Reauthentication
shows the IETF attributes are supported for this feature.
Chapter 10
"Preventing Unauthorized Access to Your Switch"
section in the Configuring Switch-Based
Configuring Switch-Based Authentication
section in
OL-21521-01
- Quick Links:
- Table of Contents
- Deployment Features
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
