Concept Guide
NOTE: Unsupported attributes are the ones that are not mentioned in the RFC 5176 but present in the disconnect message
that is received by the NAS.
• rejects the disconnect message containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match NAS with DM-Nak;
Error-Cause value is “NAS Identication Mismatch” (403).
• responds with a DM-Nak, if the NAS is congured to prohibit honoring of disconnect messages; Error-Cause value is “Administratively
Prohibited” (501).
Conguring DAC
You can congure trusted dynamic authorization clients (DACs).
This setting enables you to congure more than one DAC. Duplicate congurations are not allowed.
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure DAC:
client host-name
Dell(conf-dynamic-auth#)client testhost
Conguring the port number
You can congure the port number on which the NAS receives CoA or DM requests.
This setting enables you to specify an optional port number on which to receive CoA or DM requests. The default value is 3799.
Enter the following command to congure the port number:
port port-number
The range for the port number value that you can specify is from 1 to 65535.
Dell(conf-dynamic-auth#)port 2000
Conguring shared key
You can congure a global shared key for the dynamic authorization clients (DACs).
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure the global shared key value:
client-key encryption-type key
Dell(conf-dynamic-auth#)client-key 7 password
Disconnecting administrative users logged in through RADIUS
Dell EMC Networking OS enables you to congure disconnect messages (DMs) to disconnect RADIUS administrative users who are logged
in through an AAA interface.
Before disconnecting an administrative user using the disconnect messages, ensure that the following prerequisites are satised:
• Shared key is congured in NAS for DAC.
• NAS server listens on the Management IP UDP port 3799 (default) or the port congured through CLI.
• AAA session for the user is active.
760
Security