Cisco Cisco Packet Data Gateway (PDG)
CoA, RADIUS DM, and Session Redirection (Hotlining)
▀ RADIUS Change of Authorization and Disconnect Message
▄ HNB-GW Administration Guide, StarOS Release 16
142
RADIUS Change of Authorization and Disconnect Message
This section describes how the system implements CoA and DM RADIUS messages and how to configure the system to
use and respond to CoA and DM messages.
use and respond to CoA and DM messages.
CoA Overview
The system supports CoA messages from the AAA server to change data filters associated with a subscriber session.
The CoA request message from the AAA server must contain attributes to identify NAS and the subscriber session and a
data filter ID for the data filter to apply to the subscriber session. The filter-id attribute (attribute ID 11) contains the
name of an Access Control List (ACL). For detailed information on configuring ACLs, refer to the IP Access Control
Lists chapter in the System Administration Guide.
The CoA request message from the AAA server must contain attributes to identify NAS and the subscriber session and a
data filter ID for the data filter to apply to the subscriber session. The filter-id attribute (attribute ID 11) contains the
name of an Access Control List (ACL). For detailed information on configuring ACLs, refer to the IP Access Control
Lists chapter in the System Administration Guide.
If the system successfully executes a CoA request, a CoA-ACK message is sent back to the RADIUS server and the data
filter is applied to the subscriber session. Otherwise, a CoA-NAK message is sent with an error-cause attribute without
making any changes to the subscriber session.
filter is applied to the subscriber session. Otherwise, a CoA-NAK message is sent with an error-cause attribute without
making any changes to the subscriber session.
Important:
Changing ACL and rulebase together in a single CoA is not supported. For this, two separate CoA
requests can be sent through AAA server requesting for one attribute change per request.
DM Overview
The DM message is used to disconnect subscriber sessions in the system from a RADIUS server. The DM request
message should contain necessary attributes to identify the subscriber session. If the system successfully disconnects the
subscriber session, a DM-ACK message is sent back to the RADIUS server, otherwise, a DM-NAK message is sent
with proper error reasons.
message should contain necessary attributes to identify the subscriber session. If the system successfully disconnects the
subscriber session, a DM-ACK message is sent back to the RADIUS server, otherwise, a DM-NAK message is sent
with proper error reasons.
License Requirements
The RADIUS Change of Authorization (CoA) and Disconnect Message (DM) are licensed Cisco features. A separate
feature license may be required. Contact your Cisco account representative for detailed information on specific licensing
requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the
Software Management Operations chapter in the System Administration Guide.
feature license may be required. Contact your Cisco account representative for detailed information on specific licensing
requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the
Software Management Operations chapter in the System Administration Guide.
Enabling CoA and DM
To enable RADIUS Change of Authorization and Disconnect Message:
Step 1
Enable the system to listen for and respond to CoA and DM messages from the RADIUS server as described in the
Step 2
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command
command
save configuration
. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.