Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Guia Do Administrador

Security Management 
370
Managed Switches 
RADIUS Change of Authorization
Dynamic authorization as defined in RFC 5176 describes the Dynamic Authorization Server (DAS) and Dynamic Authorization Client (DAC). The DAC can send two types of messages: a disconnect message (DM) and a change of authorization (CoA) message. The DAS acts on these messages and sends an acknowledgment (ACK) message or a negative acknowledgment (NAK) message. The DM from the DAC can cause the user session to be terminated. The CoA message from the DAC causes the authorization status of the user session to be changed.

The various users such as dot1x-aware users, dot1x-unaware users (for example, phones and printers), and captive portal clients, as well as console, Telnet, SSH, HTTP, and HTTPS users can connect to the switch by authenticating themselves using the configured authentication method such as local authentication, RADIUS, or TACACS+. When such a user is authenticated through a RADIUS server and dynamic authorization is enabled, you can manage the user session from the DAC by generating a DM or CoA message. A NETGEAR switch can detect these messages on UDP port number 3799.
When a NETGEAR switch receives a disconnect message or a CoA message, the following occurs:

• In DM and CoA messages, all attributes are treated as mandatory attributes, and one or more unsupported attributes causes a DM-NAK message or CoA-NAK message to be generated with an Error-Cause attribute as Unsupported Service.

• If the DAS does not perform the expected action for a session, it sends a CoA-NAK message with an Error-Cause attribute as Unsupported Service.
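The exchange described above can be modelled end to end to see what the switch, acting as DAS, checks before it answers. The following is an added example, not code from the NETGEAR guide or from the switch firmware: it builds a Disconnect-Request and a CoA-Request in the RFC 5176 wire format on the DAC side, and a toy DAS routine verifies the Request Authenticator against the shared secret, rejects (silently drops) packets that fail that check, and answers with ACK or with a NAK carrying Error-Cause 405 (Unsupported Service) when the request contains an attribute the DAS does not support. The shared secret, session values, and the set of attributes the toy DAS supports are constructed assumptions; the packet codes, attribute numbers and the Error-Cause value come from RFC 2865, RFC 2866 and RFC 5176.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes from RFC 5176 (Dynamic Authorization Extensions to RADIUS)
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
DYNAMIC_AUTH_PORT = 3799  # UDP port on which the switch (DAS) listens

# Attribute types from RFC 2865 / RFC 2866 / RFC 5176
USER_NAME, NAS_IP_ADDRESS, FILTER_ID, SESSION_TIMEOUT = 1, 4, 11, 27
ACCT_SESSION_ID, ERROR_CAUSE = 44, 101
ERROR_CAUSE_UNSUPPORTED_SERVICE = 405  # RFC 5176 Error-Cause value

# Constructed assumption: the attributes this toy DAS understands. Every attribute
# is mandatory, so any other type in a request triggers a NAK, as the guide states.
SUPPORTED_ATTRIBUTES = {USER_NAME, NAS_IP_ADDRESS, ACCT_SESSION_ID, FILTER_ID}


def encode_attributes(attrs):
    """Encode (type, value-bytes) pairs as RADIUS TLVs: type(1) length(1) value."""
    out = b""
    for atype, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return out


def decode_attributes(data):
    """Parse the attribute region of a packet into (type, value) pairs, strictly."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs


def build_request(code, identifier, attrs, secret):
    """DAC side: build a CoA-Request or Disconnect-Request (RFC 5176 section 2.3).

    Request Authenticator = MD5(Code + ID + Length + 16 zero octets + Attributes + Secret).
    """
    body = encode_attributes(attrs)
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def build_response(code, identifier, request_authenticator, attrs, secret):
    """DAS side: build an ACK/NAK whose Response Authenticator covers the request's one."""
    body = encode_attributes(attrs)
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + request_authenticator + body + secret).digest()
    return header + authenticator + body


def das_handle(packet, secret):
    """Model the switch (DAS) receiving a DM or CoA message on UDP 3799.

    Returns the response packet, or None when the packet is silently discarded
    (malformed, unknown code, or a Request Authenticator that fails verification).
    """
    if len(packet) < 20:
        return None
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return None
    request_auth, body = packet[4:20], packet[20:]
    # Verify the Request Authenticator before acting on any attribute.
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, request_auth):
        return None
    try:
        attrs = decode_attributes(body)
    except ValueError:
        return None
    ack = DISCONNECT_ACK if code == DISCONNECT_REQUEST else COA_ACK
    nak = DISCONNECT_NAK if code == DISCONNECT_REQUEST else COA_NAK
    if any(atype not in SUPPORTED_ATTRIBUTES for atype, _ in attrs):
        cause = struct.pack("!I", ERROR_CAUSE_UNSUPPORTED_SERVICE)
        return build_response(nak, identifier, request_auth, [(ERROR_CAUSE, cause)], secret)
    return build_response(ack, identifier, request_auth, [], secret)


def response_summary(response):
    """Return (code, error_cause_or_None) from a DAS response, for inspection."""
    causes = [struct.unpack("!I", v)[0]
              for t, v in decode_attributes(response[20:]) if t == ERROR_CAUSE]
    return response[0], (causes[0] if causes else None)


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"  # constructed sample value
    session = [(USER_NAME, b"alice"), (ACCT_SESSION_ID, b"0000001A")]  # constructed
    dm = build_request(DISCONNECT_REQUEST, 7, session, SECRET)
    print("DM ->", response_summary(das_handle(dm, SECRET)))
    # Session-Timeout is a real attribute the toy DAS does not support: expect CoA-NAK / 405.
    coa = build_request(COA_REQUEST, 8, session + [(SESSION_TIMEOUT, struct.pack("!I", 600))], SECRET)
    print("CoA ->", response_summary(das_handle(coa, SECRET)))
    print("wrong secret ->", das_handle(dm, b"other-secret"))
```

The point for an operator is the order of the checks: the authenticator is verified with a constant-time comparison before any attribute is parsed or acted on, so a DAC that does not hold the shared secret gets no response at all, while a legitimate DAC that sends an attribute the switch does not implement gets an explicit NAK with Error-Cause 405 rather than a partial change to the session.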
Figure 41. Configuration with a RADIUS server, DAS, and DAC (figure labels: Computer 172.26.2.155; RADIUS server 172.26.2.20; Switch (DAS) 172.26.2.145; DAC 172.26.2.167; switch ports 1/0/1, 1/0/2, 1/0/3; Telnet)