Administrator Guide

Authentication, Authorization, and Accounting 311
The RADIUS server should be configured to send the Cisco AV Pair attribute
with the “roles” value. For example:
shell:roles=router-admin
The above example attribute gives the user access to the commands
permitted by the router-admin profile.
RADIUS Change of Authorization
Dell EMC Networking N-Series switches support the Change of
Authorization Disconnect-Request per RFC 3576. The Dell EMC
Networking N-Series switch listens for the Disconnect-Request on UDP port
3799. The Disconnect-Request identifies the user session to be terminated
using the following attributes:
• State (IETF attribute #24)
• Acct-Session-Id (IETF attribute #44)
• Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
The following messages from RFC 3576 are supported:
• 40 – Disconnect-Request
• 41 – Disconnect-ACK
• 42 – Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, a CoA Disconnect-Request termination causes
reinitialization of the authenticator state machine for the specified host.
MAC-based authentication can be enabled for 802.1X sessions in conjunction
with CoA. In this case, if the RADIUS server successfully terminates an
802.1X host session and subsequently does not re-authorize the host MAC
address to access network resources, the host is effectively denied network
access.
If the session cannot be located, the device returns a Disconnect-NAK
message with the “Session Context Not Found” error-cause attribute. If the
session is located, the device terminates the 802.1X session. After the session
has been completely removed, the device returns a Disconnect-ACK message.
The attributes returned within a CoA ACK can vary based on the CoA
Request.