Cisco Systems 3560X Manual De Usuario
10-25
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 10 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Note
A Disconnect-Request failure following command re-sending could be the result of either a successful
session termination before change-over (if the Disconnect-ACK was not sent) or a session termination
by other means (for example, a link failure) that occurred after the original command was issued and
before the standby switch became active.
session termination before change-over (if the Disconnect-ACK was not sent) or a session termination
by other means (for example, a link failure) that occurred after the original command was issued and
before the standby switch became active.
CoA Request: Bounce-Port
This command is carried in a standard CoA-Request message that contains the following new VSA:
Cisco:Avpair="subscriber:command=bounce-host-port"
Because this command is session-oriented, it must be accompanied by one or more of the session
identification attributes described in the
identification attributes described in the
. If the session
cannot be located, the switch returns a CoA-NAK message with the “Session Context Not Found”
error-code attribute. If the session is located, the switch disables the hosting port for a period of 10
seconds, re-enables it (port-bounce), and returns a CoA-ACK.
error-code attribute. If the session is located, the switch disables the hosting port for a period of 10
seconds, re-enables it (port-bounce), and returns a CoA-ACK.
If the switch fails before returning a CoA-ACK to the client, the process is repeated on the new active
switch when the request is re-sent from the client. If the switch fails after returning a CoA-ACK message
to the client but before the operation has completed, the operation is re-started on the new active switch.
switch when the request is re-sent from the client. If the switch fails after returning a CoA-ACK message
to the client but before the operation has completed, the operation is re-started on the new active switch.
Stacking Guidelines for Session Termination
No special handling is required for CoA Disconnect-Request messages in a switch stack.
Stacking Guidelines for CoA-Request Bounce-Port
Because the bounce-port command is targeted at a session, not a port, if the session is not found, the
command cannot be executed.
command cannot be executed.
When the Auth Manager command handler on the stack master receives a valid bounce-port command,
it checkpoints the following information before returning a CoA-ACK message:
it checkpoints the following information before returning a CoA-ACK message:
•
the need for a port-bounce
•
the port-id (found in the local session context)
The switch initiates a port-bounce (disables the port for 10 seconds, then re-enables it).
If the port-bounce is successful, the signal that triggered the port-bounce is removed from the standby
stack master.
stack master.
If the stack master fails before the port-bounce completes, a port-bounce is initiated after stack master
change-over based on the original command (which is subsequently removed).
change-over based on the original command (which is subsequently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent
command as a new command.
command as a new command.
Stacking Guidelines for CoA-Request Disable-Port
Because the disable-port command is targeted at a session, not a port, if the session is not found, the
command cannot be executed.
command cannot be executed.