hit counter script

Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual

Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs Also See for Catalyst 2960 series:
Table of Contents

Advertisement

Information About RADIUS Change-of-Authorization
section provides an overview of the RADIUS interface including available primitives and how they are used
during a CoA.
• Change-of-Authorization Requests
• CoA Request Response Code
• CoA Request Commands
• Session Reauthentication
• Stacking Guidelines for Session Termination
A standard RADIUS interface is typically used in a pulled model where the request originates from a network
attached device and the response come from the queried servers. Catalyst switches support the RADIUS CoA
extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic
reconfiguring of sessions from external AAA or policy servers.
The switch supports these per-session CoA requests:
• Session reauthentication
• Session termination
• Session termination with port shutdown
• Session termination with port bounce
This feature is integrated with Cisco Secure Access Control Server (ACS) 5.1.
The RADIUS interface is enabled by default on Catalyst switches. However, some basic configuration is
required for the following attributes:
• Security and Password—refer to the "Preventing Unauthorized Access to Your Switch" section in this
guide.
• Accounting—refer to the "Starting RADIUS Accounting" section in the Configuring Switch-Based
Authentication chapter in this guide.
Cisco IOS software supports the RADIUS CoA extensions defined in RFC 5176 that are typically used in a
push model to allow the dynamic reconfiguring of sessions from external AAA or policy servers. Per-session
CoA requests are supported for session identification, session termination, host reauthentication, port shutdown,
and port bounce. This model comprises one request (CoA-Request) and two possible response codes:
• CoA acknowledgement (ACK) [CoA-ACK]
• CoA nonacknowledgement (NAK) [CoA-NAK]
The request is initiated from a CoA client (typically a AAA or policy server) and directed to the device that
acts as a listener.
The table below shows the RADIUS CoA commands and vendor-specific attributes (VSAs) supported by
Identity-Based Networking Services. All CoA commands must include the session identifier between the
device and the CoA client.

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

962

Advertisement

Table of Contents
loading

Table of Contents