Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch N2100 Series
921922923924925926927928929930
Security Commands 921
The administrator can configure whether all or any of the session attributes
are used to identify a client session. If all is configured, all session
identification attributes included in the CoA Disconnect-Request must
match a session or the device returns a Disconnect-NAK or CoA-NAK with
the “Invalid Attribute Value” error-code attribute.
Dell Networking supports the following attributes in responses:
State (IETF attribute #24)
Calling-Station-ID (IETF attribute #31)
Acct-Session-ID (IETF attribute #44)
Message-Authenticator (IETF attribute #80)
Error-Cause (IETF attribute #101)
A CoA NAK message is not sent for all CoA requests with a key mismatch.
The message is sent only for the first three requests for a client. After that, all
the packets from that client are dropped. When there is a key mismatch, the
response authenticator sent with the CoA NAK message is calculated from a
dummy key value.
The Dell Networking switch starts listening to the client again based on re-
authentication timer.
Refer to the RADIUS Change of Authorization section in the Users
Configuration Guide for examples of configuring RADIUS CoA.
Commands in this Section
This section explains the following commands:
acct-port primary radius-server source-ip
attribute 6 priority radius-server source-inteface
attribute 8 radius-server attribute 4 radius-server timeout
attribute 25 radius-server attribute 6 retransmit
attribute 31 radius-server attribute 8 show aaa servers
authentication event fail
retry
radius-server attribute 25 show radius statistics
auth-port radius-server attribute 31 source-ip
2CSNXXX_SWUM204.book Page 921 Monday, January 25, 2016 1:25 PM