Concept Guide

NAS uses either the User-Name attribute alone or both the User-Name and NAS-Port attributes to identify the AAA user session. If the
User-Name is provided without NAS-Port, NAS disconnects all sessions related to that user.
1 Enter the following command to configure the dynamic authorization feature:
radius dynamic-auth
2 Enter the following command to terminate the 802.1x user session:
disconnect-user
NAS disconnects the administrative users who are connected through an AAA interface.
Dell(conf#)radius dynamic-auth
Dell(conf-dynamic-auth#)disconnect-user
NAS takes the following actions:
validates the DM request and the session identification attributes.
sends a DM-Nak with an error-cause of 402 (missing attribute), if the DM request does not contain the User-Name.
sends a DM-Ack, if it is able to successfully disconnect the admin user.
sends a DM-Nak with an error-cause value of 506 (resource unavailable), if it is not able to disconnect the admin user.
sends a DM-Nak with an error-cause value of 501 (administratively prohibited), if the disconnect-user feature is not enabled in NAS.
Configuring CoA to bounce 802.1x enabled ports
Dell EMC Networking OS provides RADIUS extension commands that enable you to configure port bounce settings for the 802.1x enabled
port.
Before configuring port bounce settings on an 802.1x enabled port, ensure that the following prerequisites are satisfied:
Shared key is configured in NAS for DAC.
NAS server listens on the Management IP UDP port 3799 (default) or the port configured through CLI.
The user is logged in through an 802.1X enabled physical port and successfully authenticated with the RADIUS server.
When DAC initiates a port bounce operation, the NAS server causes the links on the authentication port to flap. This incident in turn
triggers re-negotiation on one of the ports that is flapped.
1 Enter the following command to configure the dynamic authorization feature:
radius dynamic-auth
2 Enter the following command to configure port-bounce settings on an 802.1x enabled port:
coa-bounce-port
NAS disables the authentication port that is hosting the session and re-enables it after 10 seconds. All user sessions connected to this
authentication port are affected.
Dell(conf#)radius dynamic-auth
Dell(conf-dynamic-auth#)coa-bounce-port
NAS takes the following actions whenever port-bounce is triggered:
validates the CoA request and the session identification attributes.
sends a CoA-Nak with an error-cause of 402 (missing attribute), if the CoA request does not contain the NAS-port attributes.
uses the NAS-port attribute to identify the 802.1x enabled interface.
sends a CoA-Nak with an error-cause value of 503 (session context not found), if it is unable to retrieve the 802.1x enabled interface using
the NAS-port attribute.
sends a CoA-Ack if it is successfully able to flap the port.
discards the packet, if simultaneous requests are received for the same NAS Port.
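The request handling listed above for disconnect-user and coa-bounce-port can be modelled as follows. This is an added example, not Dell EMC code: it checks the RFC 5176 Request Authenticator against the shared key before applying the error-cause rules from this page. The function names, the parameters disconnectable_users, dot1x_ports and busy_ports, and the order in which the checks run are assumptions made for illustration.

```python
import hashlib, hmac, struct

DM_REQ, DM_ACK, DM_NAK, COA_REQ, COA_ACK, COA_NAK = 40, 41, 42, 43, 44, 45  # RFC 5176 codes
USER_NAME, NAS_PORT = 1, 5                                                   # attribute types

def build_request(code, ident, attrs, secret):
    """Encode a request as a DAC would; used only to construct sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def parse_request(packet, secret):
    """Return (code, attrs), or None if the packet is malformed or fails authentication."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DM_REQ, COA_REQ) or not 20 <= length <= len(packet):
        return None
    auth, body = packet[4:20], packet[20:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, auth):
        return None                      # wrong shared key or tampered packet: drop silently
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None                  # truncated or inconsistent attribute length
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return code, attrs

def decide(packet, secret, *, disconnect_enabled, disconnectable_users, dot1x_ports, busy_ports=()):
    """Map a request to (reply_code, error_cause); None means discard. Check order is assumed."""
    parsed = parse_request(packet, secret)
    if parsed is None:
        return None
    code, attrs = parsed
    if code == DM_REQ:
        if not disconnect_enabled:
            return DM_NAK, 501           # administratively prohibited
        if USER_NAME not in attrs:
            return DM_NAK, 402           # missing attribute
        ok = attrs[USER_NAME].decode("utf-8", "replace") in disconnectable_users
        return (DM_ACK, None) if ok else (DM_NAK, 506)   # 506: resource unavailable
    if NAS_PORT not in attrs:
        return COA_NAK, 402              # missing attribute
    port = int.from_bytes(attrs[NAS_PORT], "big")
    if port in busy_ports:
        return None                      # a request for this NAS-Port is already in progress
    return (COA_ACK, None) if port in dot1x_ports else (COA_NAK, 503)  # 503: no session context
```

A request that fails the authenticator check gets no reply at all, so a sender without the shared key cannot use the Nak error-cause values to learn which users or ports exist.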