Access Security Guide K/KA/KB.15.15

diagnose network operational problems and generate reports on terminated sessions. This
attribute provides extended information on the statistics provided by the acct-terminate-cause
attribute.
Change-of-Authorization (CoA) (RFC 3576: Dynamic Authorization Extensions to RADIUS):
A mechanism that allows a RADIUS server to dynamically send disconnect messages (DM) or
change the authorization parameters (such as VLAN assignment) used in an active client
session on the switch. The switch (NAS) does not have to initiate the exchange.
For example, for security reasons you may want to limit the network services granted to an
authenticated user. In this case, you can change the user profile on the RADIUS server and have
the new authorization settings take effect immediately in the active client session. The
Change-of-Authorization attribute provides the mechanism to dynamically update an active client
session with a new user policy that is sent in RADIUS packets. See Figure 143 (page 185) and
Figure 144 (page 185). See “Configuring the switch to access a RADIUS server” (page 147) for
configuration commands for dynamic authorization.
Figure 143 Output for dynamic authorization configuration
Figure 144 Output showing dynamic authorization statistics
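Because the RADIUS server initiates this exchange, the NAS must confirm that a request really comes from a holder of the shared secret before it changes or ends a session. The following Python sketch is an added example, not taken from this guide or from the switch software: it builds an RFC 3576 CoA-Request and applies the receiving-side checks (packet code, length, Request Authenticator, attribute framing). The shared secret, user name, session ID and VLAN value are constructed, and only three attribute types are named.

```python
import hashlib
import hmac
import struct

CODES = {40: "Disconnect-Request", 43: "CoA-Request"}        # RFC 3576 codes
ATTRS = {1: "User-Name", 44: "Acct-Session-Id",              # RFC 2865/2866
         81: "Tunnel-Private-Group-Id"}                      # RFC 2868 (VLAN ID)

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def attr(atype, value):
    """Encode one Type-Length-Value attribute."""
    return bytes([atype, len(value) + 2]) + value

def build_request(code, ident, attrs, secret):
    """What the RADIUS server sends to the NAS."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + request_authenticator(code, ident, attrs, secret) + attrs

def parse_request(packet, secret):
    """Checks a NAS applies before acting; returns (type, attributes)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError("not a dynamic authorization request")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]            # octets past Length are padding
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("bad Request Authenticator")
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        out[ATTRS.get(attrs[i], attrs[i])] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return CODES[code], out

# Constructed sample: move user "alice", session "0000002A", to VLAN 20.
SECRET = b"example-shared-secret"
SAMPLE = build_request(43, 7, attr(1, b"alice") + attr(44, b"0000002A")
                       + attr(81, b"20"), SECRET)

if __name__ == "__main__":
    print(parse_request(SAMPLE, SECRET))
```

A request whose attributes were altered in transit, or that was built with a different secret, fails the authenticator comparison and is rejected before any attribute is interpreted.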
Accounting services
RADIUS accounting collects data about user activity and system events and sends it to a RADIUS
server when specified events occur on the switch, such as a logoff or a reboot.
Accounting service types
The switch supports four types of accounting services:
Network accounting
Provides records containing the information listed below on clients directly connected to the
switch and operating under Port-Based Access Control (802.1X):
Table 13 Client records provided under port-based access control
Service-Type        Acct-Output-Packets    Acct-Session-Id
Acct-Status-Type    NAS-IP-Address         Acct-Input-Octets