Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
751752753754755756757758759760
NOTE: Unsupported attributes are the ones that are not mentioned in the RFC 5176 but present in the disconnect message
that is received by the NAS.
rejects the disconnect message containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match NAS with DM-Nak;
Error-Cause value is “NAS Identication Mismatch” (403).
responds with a DM-Nak, if the NAS is congured to prohibit honoring of disconnect messages; Error-Cause value is “Administratively
Prohibited” (501).
Conguring DAC
You can congure trusted dynamic authorization clients (DACs).
This setting enables you to congure more than one DAC. Duplicate congurations are not allowed.
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure DAC:
client host-name
Dell(conf-dynamic-auth#)client testhost
Conguring the port number
You can congure the port number on which the NAS receives CoA or DM requests.
This setting enables you to specify an optional port number on which to receive CoA or DM requests. The default value is 3799.
Enter the following command to congure the port number:
port port-number
The range for the port number value that you can specify is from 1 to 65535.
Dell(conf-dynamic-auth#)port 2000
Conguring shared key
You can congure a global shared key for the dynamic authorization clients (DACs).
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure the global shared key value:
client-key encryption-type key
Dell(conf-dynamic-auth#)client-key 7 password
Disconnecting administrative users logged in through RADIUS
Dell EMC Networking OS enables you to congure disconnect messages (DMs) to disconnect RADIUS administrative users who are logged
in through an AAA interface.
Before disconnecting an administrative user using the disconnect messages, ensure that the following prerequisites are satised:
Shared key is congured in NAS for DAC.
NAS server listens on the Management IP UDP port 3799 (default) or the port congured through CLI.
AAA session for the user is active.
760
Security