Administrator Guide

Authentication, Authorization, and Accounting
4. Disconnect-request client identification must match on all keys.
   console(config-radius-da)#auth-type all
   console(config-radius-da)#exit
RADIUS CoA Example with Telnet and SSH
The following example configures telnet and SSH clients in conjunction with
RADIUS CoA.
1. Configure a login list named “login-list” that uses RADIUS as the only method:
   console#config
   console(config)#aaa authentication login "login-list" radius
2. Enable RADIUS CoA:
   console(config)#aaa server radius dynamic-author
3. Enable the switch RADIUS client connecting to the RADIUS server at 10.130.191.89:
   console(config-radius-da)#client 10.130.191.89 server-key "shared secret"
4. Allow matching of the client session on any of the key values:
   console(config-radius-da)#auth-type any
   console(config-radius-da)#exit
5. Configure the RADIUS server attribute 4 (NAS-IP-Address). This attribute is sent in the RADIUS message to the RADIUS server but does not change the source IP address sent in the RADIUS messages. It allows a group of NASs to simulate a large RADIUS NAS:
   console(config)#radius-server attribute 4 10.130.65.4
6. Configure the remote RADIUS server address with name Default-RADIUS-Server and key “shared secret”:
   console(config)#radius-server host auth 10.130.191.89
   console(Config-auth-radius)#name "Default-RADIUS-Server"
   console(Config-auth-radius)#key "shared secret"
   console(Config-auth-radius)#exit
7. Configure telnet sessions to the switch to use RADIUS authentication (the only login-list method):
   console(config)#line telnet
   console(config-telnet)#login authentication login-list
   console(config-telnet)#exit