Cisco Systems 2960 Manual De Usuario
9-22
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 9 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Preconditions
To use the CoA interface, a session must already exist on the switch. CoA can be used to identify a
session and enforce a disconnect request. The update affects only the specified session.
session and enforce a disconnect request. The update affects only the specified session.
CoA Request Response Code
The CoA Request response code can be used to convey a command to the switch. The supported
commands are listed in
commands are listed in
Session Identification
For disconnect and CoA requests targeted at a particular session, the switch locates the session based on
one or more of the following attributes:
one or more of the following attributes:
•
Calling-Station-Id (IETF attribute 31 which contains the host MAC address)
•
Audit-Session-Id (Cisco VSA)
•
Acct-Session-Id (IETF attribute 44)
Unless all session identification attributes included in the CoA message match the session, the switch
returns a Disconnect-NAK or CoA-NAK with the Invalid Attribute Value error-code attribute.
returns a Disconnect-NAK or CoA-NAK with the Invalid Attribute Value error-code attribute.
Table 9-3
Error-Cause Values
Value
Explanation
201
Residual Session Context Removed
202
Invalid EAP Packet (Ignored)
401
Unsupported Attribute
402
Missing Attribute
403
NAS Identification Mismatch
404
Invalid Request
405
Unsupported Service
406
Unsupported Extension
407
Invalid Attribute Value
501
Administratively Prohibited
502
Request Not Routable (Proxy)
503
Session Context Not Found
504
Session Context Not Removable
505
Other Proxy Processing Error
506
Resources Unavailable
507
Request Initiated
508
Multiple Session Selection Unsupported