CLI Guide

Security Commands 941
User Guidelines
Configuring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests. The switch ensures that a unique session key is sent to the RADIUS server in all Access-Request packets. The Acct-Session-Id, User-Name, Calling-Station-Id, Framed-IP-Address, NAS-IP-Address (if configured in the switch), and NAS-Port identifiers are maintained in the switch for 802.1X session identification. The switch ensures that a unique Acct-Session-ID is sent to the RADIUS server in all Access-Request packets. A CoA-Request must contain at least one of Acct-Session-Id, Framed-IP-Address, User-Name, or Calling-Station-Id so that the NAS can identify the session the request applies to.
A valid, authenticated RFC 3575 Disconnect-Request terminates the session without disabling the port. The termination may cause the host to attempt to reauthenticate on the port. If an ACL was applied for the session, the ACL is removed when the session is terminated.
If a valid, authenticated RFC 3575 Disconnect-Request is received from a configured server and the session cannot be found, the switch returns a Disconnect-NAK message with response code 503, Session Context Not Found.
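The following is an added worked example, not code from this CLI Guide or from the switch firmware: a minimal NAS-side handler for the Disconnect-Request exchange described above. It authenticates the request with the shared secret (Request Authenticator computed over the packet with a zeroed authenticator field, as RFC 5176 specifies for Disconnect-Request and CoA-Request), looks the session up by any of the Acct-Session-Id, User-Name, Calling-Station-Id or Framed-IP-Address attributes supplied, removes the session on a match, and otherwise answers Disconnect-NAK with Error-Cause 503 (Session Context Not Found). The session table, shared secret and attribute values are constructed for the example; the Message-Authenticator attribute and the UDP socket on port 3799 are left out so the logic can be exercised offline.

```python
# Added example (not the switch's code): RFC 5176-style Disconnect-Request handling
# on a NAS. Session values and the shared secret below are constructed.
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
USER_NAME, FRAMED_IP_ADDRESS, CALLING_STATION_ID = 1, 8, 31
ACCT_SESSION_ID, ERROR_CAUSE = 44, 101
MISSING_ATTRIBUTE, SESSION_CONTEXT_NOT_FOUND = 402, 503   # RFC 5176 Error-Cause values
SESSION_KEYS = (ACCT_SESSION_ID, USER_NAME, CALLING_STATION_ID, FRAMED_IP_ADDRESS)


def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs: Type(1) Length(1) Value."""
    out = b""
    for t, v in attrs:
        if t == FRAMED_IP_ADDRESS:
            v = socket.inet_aton(v)
        elif t == ERROR_CAUSE:
            v = struct.pack("!I", v)
        elif isinstance(v, str):
            v = v.encode()
        out += struct.pack("!BB", t, len(v) + 2) + v
    return out


def decode_attrs(data):
    """Parse RADIUS TLVs, rejecting truncated or zero-length attributes."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        v = data[i + 2:i + length]
        if t in (FRAMED_IP_ADDRESS, ERROR_CAUSE) and len(v) != 4:
            raise ValueError("attribute %d must carry 4 octets" % t)
        if t == FRAMED_IP_ADDRESS:
            v = socket.inet_ntoa(v)
        elif t == ERROR_CAUSE:
            v = struct.unpack("!I", v)[0]
        else:
            v = v.decode(errors="replace")
        attrs.append((t, v))
        i += length
    return attrs


def build_disconnect_request(ident, attrs, secret):
    """Request Authenticator = MD5(header || 16 zero octets || attributes || secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def build_response(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(header || Request Authenticator || attributes || secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_packet(pkt):
    """Return (code, identifier, authenticator, attrs); Length must match the datagram."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("bad RADIUS length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])


class Nas:
    """Tiny NAS: a table of authenticated sessions plus a Disconnect-Request handler."""

    def __init__(self, secret, sessions):
        self.secret = secret
        self.sessions = list(sessions)   # each session is a dict {attribute type: value}

    def handle_disconnect(self, pkt):
        code, ident, req_auth, attrs = parse_packet(pkt)
        if code != DISCONNECT_REQUEST:
            return None
        expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + self.secret).digest()
        if not hmac.compare_digest(expected, req_auth):
            return None   # RFC 5176: a request that fails authentication is silently discarded
        keys = [(t, v) for t, v in attrs if t in SESSION_KEYS]
        if not keys:
            return build_response(DISCONNECT_NAK, ident, req_auth,
                                  [(ERROR_CAUSE, MISSING_ATTRIBUTE)], self.secret)
        for session in self.sessions:
            if all(session.get(t) == v for t, v in keys):
                self.sessions.remove(session)   # session ends; the port itself stays enabled
                return build_response(DISCONNECT_ACK, ident, req_auth, [], self.secret)
        return build_response(DISCONNECT_NAK, ident, req_auth,
                              [(ERROR_CAUSE, SESSION_CONTEXT_NOT_FOUND)], self.secret)


# Constructed sample data for running the example stand-alone.
SECRET = b"constructed-shared-secret"
SAMPLE_SESSIONS = [{ACCT_SESSION_ID: "0000A1B2", USER_NAME: "alice",
                    CALLING_STATION_ID: "00-11-22-33-44-55", FRAMED_IP_ADDRESS: "10.0.0.5"}]

if __name__ == "__main__":
    nas = Nas(SECRET, SAMPLE_SESSIONS)
    for ident, attrs, secret in [(1, [(ACCT_SESSION_ID, "0000A1B2")], SECRET),
                                 (2, [(USER_NAME, "alice")], SECRET),
                                 (3, [(USER_NAME, "alice")], b"wrong-secret")]:
        reply = nas.handle_disconnect(build_disconnect_request(ident, attrs, secret))
        print(ident, "discarded" if reply is None else parse_packet(reply)[::3])
```

The first request matches the session by Acct-Session-Id and is acknowledged, the second arrives after the session is gone and draws a Disconnect-NAK carrying Error-Cause 503, and the third fails the shared-secret check and produces no reply at all, which is the behaviour a defender should expect to see (and log) when an unauthorised CoA client probes port 3799.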
Four additional types of CoA requests are supported:
Re-authenticate Session:
Upon receipt of a re-authenticate request for a host currently authenticated by 802.1X, the switch sends an EAPOL EAP-Request/EAP-Identity Request to the host without de-authorizing the host.
If the host is authenticated using MAB, the switch sends a RADIUS Access-Request to the authentication server using the same attributes as were used in the previously successful authentication.
If session authentication is in progress when the switch receives the re-authenticate session command, the switch restarts the authentication sequence, starting with the first configured method.
Session Termination:
Upon receipt of a session termination request for a host currently authenticated by 802.1X, the switch terminates the session without disabling the port and denies access to the individual host. The termination may cause the host to attempt to re-authenticate on the port.