Configuring RADIUS
Value
501
502
503
504
505
506
507
508
CoA Request Response Code
The CoA Request response code can be used to convey a command to the switch.
Related Topics
CoA Request Commands, on page 58
Session Identification
For disconnect and CoA requests targeted at a particular session, the switch locates the session based on one
or more of the following attributes:
• Calling-Station-Id (IETF attribute #31 which contains the host MAC address)
• Audit-Session-Id (Cisco VSA)
• Acct-Session-Id (IETF attribute #44)
Unless all session identification attributes included in the CoA message match the session, the switch returns
a Disconnect-NAK or CoA-NAK with the "Invalid Attribute Value" error-code attribute.
If more than one session identification attribute is included in the message, all the attributes must match the
session or the switch returns a Disconnect- negative acknowledgment (NAK) or CoA-NAK with the error
code "Invalid Attribute Value."
The packet format for a CoA Request code as defined in RFC 5176 consists of the fields: Code, Identifier,
Length, Authenticator, and Attributes in Type:Length:Value (TLV) format.
0
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
OL-29434-01
1
Code
|
Identifier
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Explanation
Administratively Prohibited
Request Not Routable (Proxy)
Session Context Not Found
Session Context Not Removable
Other Proxy Processing Error
Resources Unavailable
Request Initiated
Multiple Session Selection Unsupported
2
|
Length
RADIUS Change of Authorization
3
|
|
57