Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON

871

872

873

874

875

876

877

878

879

880

client-key encryption-type key

Dell(conf-dynamic-auth#)client-key 7 password

Disconnecting administrative users logged in through RADIUS

Dell EMC Networking OS enables you to congure disconnect messages (DMs) to disconnect RADIUS administrative users who are logged

in through an AAA interface.

Before disconnecting an administrative user using the disconnect messages, ensure that the following prerequisites are satised:

• Shared key is congured in NAS for DAC.

• NAS server listens on the Management IP UDP port 3799 (default) or the port congured through CLI.

• AAA session for the user is active.

NAS uses the user-name or both the user-name as well as the NAS-Port attribute to identify the AAA user session. NAS disconnects all

sessions related to the user, if the user-name is provided without NAS-port.

1 Enter the following command to congure the dynamic authorization feature:

radius dynamic-auth

2 Enter the following command to terminate the 802.1x user session:

disconnect-user

NAS disconnects the administrative users who are connected through an AAA interface.

Dell(conf#)radius dynamic-auth

Dell(conf-dynamic-auth#)disconnect-user

NAS takes the following actions:

• validates the DM request and the session identication attributes.

• sends a DM-Nak with an error-cause of 402 (missing attribute), if the DM request does not contain the User-Name.

• sends a DM-Ack, if it is able to successfully disconnect the admin user.

• sends a DM-Nak with an error-cause value of 506 (resource unavailable), if it is not able to disconnect the admin user.

• sends a DM-Nak with an error-cause value of 501 (administratively prohibited), if disconnect-user feature is not enabled in NAS.

Conguring CoA to bounce 802.1x enabled ports

Dell EMC Networking OS provides RADIUS extension commands that enables you to congure port bounce settings for the 802.1x enabled

port.

Before conguring port bounce settings on a 802.1x enabled port, ensure that the following prerequisites are satised:

• Shared key is congured in NAS for DAC.

• NAS server listens on the Management IP UDP port 3799 (default) or the port congured through CLI.

• The user is logged-in through 802.1X enabled physical port and successfully authenticated with Radius Server.

When DAC initiates a port bounce operation, the NAS server causes the links on the authentication port to ap. This incident in turn

triggers re-negotiation on one of the ports that is apped.

1 Enter the following command to congure the dynamic authorization feature:

radius dynamic-auth

2 Enter the following command to congure port-bounce setttings on a 802.1x enabled port:

coa-bounce-port

876

Security