9-26
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 9 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Because this command is session-oriented, it must be accompanied by one or more of the session
identification attributes described in the “Session Identification” section on page 9-22. If the session
cannot be located, the switch returns a CoA-NAK message with the “Session Context Not Found”
error-code attribute. If the session is located, the switch disables the hosting port for a period of 10
seconds, re-enables it (port-bounce), and returns a CoA-ACK.
If the switch fails before returning a CoA-ACK to the client, the process is repeated on the new active
switch when the request is re-sent from the client. If the switch fails after returning a CoA-ACK message
to the client but before the operation has completed, the operation is re-started on the new active switch.
Stacking Guidelines for Session Termination
No special handling is required for CoA Disconnect-Request messages in a switch stack.

Stacking Guidelines for CoA-Request Bounce-Port

Because the bounce-port command is targeted at a session, not a port, if the session is not found, the
command cannot be executed.
When the Auth Manager command handler on the stack master receives a valid bounce-port command,
it checkpoints this information before returning a CoA-ACK message:
Need for a port-bounce
Port-ID (found in the local session context)
The switch initiates a port-bounce (disables the port for 10 seconds, then re-enables it).
If the port-bounce is successful, the signal that triggered the port-bounce is removed from the standby
stack master.
If the stack master fails before the port-bounce completes, a port-bounce is initiated after stack master
change-over based on the original command (which is subsequently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent
command as a new command.

Stacking Guidelines for CoA-Request Disable-Port

Because the disable-port command is targeted at a session, not a port, i f the session is not found, the
command cannot be executed.
When the Auth Manager command handler on the stack master receives a valid disable-port command,
it verifies this information before returning a CoA-ACK message:
Need for a port-disable
Port-ID (in the local session context)
The switch attempts to disable the port.
If the port-disable operation is successful, the signal that triggered the port-disable is removed from the
standby stack master.
If the stack master fails before the port-disable operation completes, the port is disabled after stack
master change-over based on the original command (which is subseq uently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent
command as a new command.