Users Guide

Authentication, Authorization, and Accounting 309
RADIUS CoA Example with Telnet and SSH
The following example configures telnet and SSH clients in conjunction with
RADIUS CoA.
1. Configure a login list named “login-list” that uses RADIUS as the only method:
console#config
console(config)#aaa authentication login "login-list" radius
2. Enable RADIUS CoA:
console(config)#aaa server radius dynamic-author
3. Enable the switch RADIUS client connecting to the RADIUS server at 10.130.191.89:
console(config-radius-da)#client 10.130.191.89 server-key "shared secret"
4. Allow matching of the client session on any of the key values present in the RADIUS disconnect:
console(config-radius-da)#auth-type any
console(config-radius-da)#exit
5. Configure the RADIUS server attribute 4 (NAS-IP-Address). This attribute is sent to the RADIUS server inside the RADIUS message but does not change the source IP address of the RADIUS messages. It allows a group of NASs to simulate a large RADIUS NAS:
console(config)#radius server attribute 4 10.130.65.4
6. Configure the remote RADIUS server address with name Default-RADIUS-Server and key “shared secret”:
console(config)#radius server auth 10.130.191.89
console(config-auth-radius)#name Default-RADIUS-Server
console(config-auth-radius)#key "shared secret"
console(config-auth-radius)#exit
7. Configure telnet sessions to the switch to use RADIUS authentication (the only login-list method):
console(config)#line telnet
console(config-telnet)#login authentication login-list
console(config-telnet)#exit
8. Configure SSH sessions to the switch to use RADIUS authentication:
console(config)#line ssh
console(config-ssh)#login authentication login-list
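
The following added example (not part of the guide and not the switch's own code) shows what the server-key from step 3 protects: a Disconnect-Request carries an RFC 5176 Request Authenticator computed over the packet and the shared secret, and the receiver rejects any packet whose authenticator does not verify. The session table, the packet contents and the `session_matches` model of `auth-type any` are assumptions constructed for illustration.

```python
import hashlib, hmac, socket, struct

DISCONNECT_REQUEST = 40                       # RFC 5176 packet code
USER_NAME, NAS_IP_ADDRESS, ACCT_SESSION_ID = 1, 4, 44
SECRET = b"shared secret"                     # server-key from the page's example

def authenticator(code, ident, attr_bytes, secret):
    """MD5 over the packet with a zeroed authenticator field, then the secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attr_bytes))
    return hashlib.md5(header + bytes(16) + attr_bytes + secret).digest()

def build_disconnect(ident, attrs, secret):
    """Build a Disconnect-Request as the RADIUS server (the CoA client) would."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    auth = authenticator(DISCONNECT_REQUEST, ident, body, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body)) + auth + body

def parse_and_verify(packet, secret):
    """Switch side: return {type: value} if the packet is authentic, else None."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    body = packet[20:]
    if code != DISCONNECT_REQUEST or length != len(packet):
        return None
    if not hmac.compare_digest(packet[4:20], authenticator(code, ident, body, secret)):
        return None
    attrs, i = {}, 0
    while i < len(body):                      # walk the type-length-value attributes
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def session_matches(session, attrs):
    """Simplified model of 'auth-type any': one equal key value selects the session."""
    return any(session.get(t) == v for t, v in attrs.items())

# Constructed sample data: a login session and a Disconnect-Request naming it.
SESSION = {USER_NAME: b"admin", ACCT_SESSION_ID: b"0000002A"}
PACKET = build_disconnect(7, [(USER_NAME, b"admin"),
                              (NAS_IP_ADDRESS, socket.inet_aton("10.130.65.4"))], SECRET)

if __name__ == "__main__":
    attrs = parse_and_verify(PACKET, SECRET)
    print("authentic:", attrs is not None, "matches:", session_matches(SESSION, attrs))
    print("wrong key:", parse_and_verify(PACKET, b"other secret"))
```

Because the authenticator is a plain MD5 over the packet and the key, the strength of the check rests entirely on the secrecy and length of the server-key.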