12-14
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 12 Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication

CoA Request: Disable Host Port

This command is carried in a standard CoA-Request message that has this new VSA:
Cisco:Avpair="subscriber:command=disable-host-port"
Because this command is session-oriented, it must be accompanied by one or more of the session
identification attributes described in the “CoA Session Identification” section on page 12-11. If the
session cannot be located, the switch returns a CoA-NAK message with the “Session Context Not
Found” error-code attribute. If the session is located, the switch disables the hosting port and returns a
CoA-ACK message.
If the switch fails before returning a CoA-ACK to the client, the process is repeated on the new active
switch when the request is resent from the client. If the switch fails after returning a CoA-ACK message
to the client but before the operation has completed, the operation is restarted on the new active switch.
Note: A Disconnect-Request failure following command resend could be the result of either a successful
session termination before change-over (if the Disconnect-ACK was not sent) or a session termination
by other means (for example, a link failure) that occurred after the original command was issued and
before the standby switch became active.

CoA Request: Bounce-Port

This command is carried in a standard CoA-Request message that contains this VSA:
Cisco:Avpair="subscriber:command=bounce-host-port"
Because this command is session-oriented, it must be accompanied by one or more of the session
identification attributes described in the “CoA Session Identification” section on page 12-11. If the
session cannot be located, the switch returns a CoA-NAK message with the “Session Context Not
Found” error-code attribute. If the session is located, the switch disables the hosting port for a period of
10 seconds, reenables it (port-bounce), and returns a CoA-ACK.
If the switch fails before returning a CoA-ACK to the client, the process is repeated on the new active
switch when the request is resent from the client. If the switch fails after returning a CoA-ACK message
to the client but before the operation has completed, the operation is restarted on the new active switch.
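
The following added example, which is not part of the Cisco guide, decodes a CoA-Request for audit purposes: it verifies the Request Authenticator as defined in RFC 5176, extracts the Cisco-AVPair port command, and checks that a session identification attribute accompanies it. The session attributes recognized (Calling-Station-Id 31, Acct-Session-Id 44), the function names, and the sample packet builder are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43                      # RFC 5176 packet code
VENDOR_SPECIFIC = 26                  # RADIUS attribute type that carries VSAs
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1  # Cisco vendor ID and Cisco-AVPair sub-type
SESSION_ID_ATTRS = {31: "Calling-Station-Id", 44: "Acct-Session-Id"}  # assumed subset
PORT_COMMANDS = {"subscriber:command=disable-host-port",
                 "subscriber:command=bounce-host-port"}

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_sample(secret, command, mac, ident=7):
    """Constructed CoA-Request, used only as sample input for inspect_coa()."""
    vsa = struct.pack("!I", CISCO_VENDOR_ID) + _attr(CISCO_AVPAIR, command.encode())
    attrs = _attr(31, mac.encode()) + _attr(VENDOR_SPECIFIC, vsa)
    head = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs

def inspect_coa(packet, secret):
    """Decode one CoA-Request datagram and report what it asks the switch to do."""
    code, _, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\0"))
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:length]
    # RFC 5176: authenticator = MD5(code+id+length + 16 zero octets + attrs + secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    result = {"authentic": hmac.compare_digest(expected, packet[4:20]),
              "command": None, "session_ids": {}}
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[pos + 2:pos + alen]
        if atype in SESSION_ID_ATTRS:
            result["session_ids"][SESSION_ID_ATTRS[atype]] = value.decode(errors="replace")
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            text = value[6:4 + vlen].decode(errors="replace")
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR and text in PORT_COMMANDS:
                result["command"] = text.split("=", 1)[1]
        pos += alen
    # A session-oriented command needs at least one session identification attribute.
    result["complete"] = bool(result["authentic"] and result["command"] and result["session_ids"])
    return result
```
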

RADIUS Server Host

Switch-to-RADIUS-server communication involves several components:
Hostname or IP address
Authentication destination port
Accounting destination port
Key string
Timeout period
Retransmission value
You identify RADIUS security servers by their hostname or IP address, hostname and specific UDP port
numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the
UDP port number creates a unique identifier, allowing different ports to be individually defined as
RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be
sent to multiple UDP ports on a server at the same IP address.