hit counter script

Coa Ack Response Code; Coa Nak Response Code; Coa Request Commands - Cisco Catalyst 2960-X Security Configuration Manual

Cisco ios release 15.0(2)ex
Hide thumbs Also See for Catalyst 2960-X:
Table of Contents

Advertisement

Configuring RADIUS
If more than one session identification attribute is included in the message, all the attributes must match the
session or the switch returns a Disconnect- negative acknowledgment (NAK) or CoA-NAK with the error
code "Invalid Attribute Value."
The packet format for a CoA Request code as defined in RFC 5176 consists of the fields: Code, Identifier,
Length, Authenticator, and Attributes in Type:Length:Value (TLV) format.
0
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|
|
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-
The attributes field is used to carry Cisco vendor-specific attributes (VSAs).
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code "Invalid Attribute Value" if any of the above session identification attributes are included in the message.
Related Topics
CoA Disconnect-Request, on page 67
CoA Request: Disable Host Port, on page 67
CoA Request: Bounce-Port, on page 68

CoA ACK Response Code

If the authorization state is changed successfully, a positive acknowledgment (ACK) is sent. The attributes
returned within CoA ACK will vary based on the CoA Request and are discussed in individual CoA Commands.

CoA NAK Response Code

A negative acknowledgment (NAK) indicates a failure to change the authorization state and can include
attributes that indicate the reason for the failure. Use show commands to verify a successful CoA.

CoA Request Commands

Table 10: CoA Commands Supported on the switch
Command
1
Reauthenticate host
Terminate session
Bounce host port
OL-29048-01
1
Code
|
Identifier
Authenticator
Attributes ...
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
2
|
Length
Cisco VSA
Cisco:Avpair="subscriber:command=reauthenticate"
This is a standard disconnect request that does not
require a VSA.
Cisco:Avpair="subscriber:command=bounce-host-port"
RADIUS Change of Authorization
3
|
|
|
|
|
65

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents