Administrator Guide

Security Commands 920
This gives flexibility for clients to move around the network without
requiring the operator to perform additional provisioning for each network
interface.
RADIUS Change of Authorization
Dell Networking supports the Change of Authorization Disconnect-Request
per RFC 3575. The Dell Networking switch listens for the
Disconnect-Request on UDP port 3799. The Disconnect-Request identifies the user
session to be terminated using the following attributes:
State (IETF attribute #24)
Acct-Session-Id (IETF attribute #44)
Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
The following messages from RFC 3575 are supported:
40 - Disconnect-Request
41 - Disconnect-ACK
42 - Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, CoA Disconnect-Request termination causes
re-initialization of the authenticator state machine for the specified host. MAC
port control can be enabled for 802.1x sessions. In this case, if the RADIUS
server issues a disconnect request and subsequently does not authorize the
MAC address to access network resources, the host is effectively denied
network access.
If the session cannot be located, the device returns a Disconnect-NAK
message with the “Session Context Not Found” error-code attribute. If the
session is located, the device terminates the session. After the session has
been completely removed, the device returns a Disconnect-ACK message.
The attributes returned within a CoA ACK can vary based on the CoA
Request.
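The request handling described above, as an added Python sketch (not Dell Networking code and not part of this guide): it parses a Disconnect-Request, verifies its authenticator, and answers with a Disconnect-ACK or a Disconnect-NAK carrying the "Session Context Not Found" error cause. The authenticator rule, the Error-Cause attribute number (101) and its value 503 are taken from RFC 5176; the shared secret, the session table and all function names are constructed for illustration.

```python
import hashlib, hmac, struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
STATE, CALLING_STATION_ID, ACCT_SESSION_ID, ERROR_CAUSE = 24, 31, 44, 101
SESSION_KEYS = (STATE, ACCT_SESSION_ID, CALLING_STATION_ID)
SESSION_CONTEXT_NOT_FOUND = 503  # Error-Cause value from RFC 5176
# Constructed sample data: the shared secret and one active session.
SECRET = b"constructed-secret"
SESSIONS = [{ACCT_SESSION_ID: b"0000002A", CALLING_STATION_ID: b"00-11-22-33-44-55"}]

def build(code, ident, attrs, secret, auth_seed=bytes(16)):
    """Encode a packet. auth_seed is 16 zero octets for a request and the
    request's authenticator for a reply (RFC 5176 authenticator rules)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + auth_seed + body + secret).digest() + body

def parse(pkt):
    """Return (code, id, authenticator, body, {type: value}) or raise ValueError."""
    if len(pkt) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad Length field")
    body, attrs, pos = pkt[20:length], {}, 0
    while pos < len(body):
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("bad attribute length")
        attrs[body[pos]] = body[pos + 2:pos + body[pos + 1]]
        pos += body[pos + 1]
    return code, ident, pkt[4:20], body, attrs

def handle(pkt, secret, sessions):
    """Return the reply, or None when the datagram must be silently dropped."""
    try:
        code, ident, auth, body, attrs = parse(pkt)
    except ValueError:
        return None
    expected = hashlib.md5(pkt[:4] + bytes(16) + body + secret).digest()
    if code != DISCONNECT_REQUEST or not hmac.compare_digest(auth, expected):
        return None  # unauthenticated or wrong code: never touch a session
    wanted = {k: attrs[k] for k in SESSION_KEYS if k in attrs}
    # Assumption of this sketch: a request naming no session matches nothing.
    hit = next((s for s in sessions if wanted and wanted.items() <= s.items()), None)
    if hit is None:
        cause = struct.pack("!I", SESSION_CONTEXT_NOT_FOUND)
        return build(DISCONNECT_NAK, ident, [(ERROR_CAUSE, cause)], secret, auth)
    sessions.remove(hit)  # the session is removed before the ACK is sent
    return build(DISCONNECT_ACK, ident, [], secret, auth)
```

Checking the authenticator before the session lookup means a datagram sent to UDP port 3799 without the shared secret cannot terminate a session or be used to probe which sessions exist.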