Configure 802.1X dynamic authorization extension (RFC 3576) to enable the RADIUS server to send a change of authorization (CoA) or disconnect command to the Network Access Server (NAS)
Use the following procedure to display existing RADIUS Dynamic Authorization client configurations for the switch.
|
|
Step | Action |
---|---|
|
|
1 |
From the navigation tree, double-click Security. |
2 |
In the Security tree, double-click 802.1X/EAP. |
3 |
In the work area, click the RADIUS Dynamic Auth. Client tab. |
|
|
--End-- | |
|
Use the data in the following table to understand the RADIUS Dynamic Authorization client display.
Variable | Value |
---|---|
AddressType |
Indicates the IP address type for the RADIUS Dynamic Authorization Client. |
Address |
Indicates the IP address of the RADIUS Dynamic Authorization Client. |
Enabled |
Indicates or disables packet receiving from the RADIUS Dynamic Authorization Client. |
UdpPort |
Indicates the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1025–65535. |
ProcessCoARequests |
Indicates whether change of authorization (CoA) request processing is enabled or disabled. |
ProcessDisconnectRequests |
Indicates whether disconnect request processing is enabled or disabled. |
Secret |
Indicates the secret word shared between the RADIUS Dynamic Authorization Client and the RADIUS server. |
Use the following procedure to create an RADIUS Dynamic Authorization client for the switch.
|
|
Step | Action |
---|---|
|
|
1 |
From the navigation tree, double-click Security. |
2 |
In the Security tree, double-click 802.1X/EAP. |
3 |
In the work area, click the RADIUS Dynamic Auth. Client tab. |
4 |
Click Insert. The Insert RADIUS Dynamic Auth. Client dialog box appears. |
5 |
In the AddressType section, select a radio button. |
6 |
In the Address dialog box, type an IP address. |
7 |
To enable the RADIUS Dynamic Authorization client, select the Enabled checkbox. OR To disable the RADIUS Dynamic Authorization client, clear the Enabled checkbox. |
8 |
In the UdpPort dialog box, type a port number. |
9 |
To enable change of authorization request processing, select the ProcessCoARequests checkbox. OR To disable change of authorization request processing, clear the ProcessCoARequests checkbox. |
10 |
To enable disconnect request processing, select the ProcessDisconnectRequests checkbox. OR To disable disconnect request processing, clear the ProcessDisconnectRequests checkbox. |
11 |
In the Secret dialog box, type a shared secret word. |
12 |
Click Insert. |
13 |
On the toolbar, click Apply. |
|
|
--End-- | |
|
Use the data in the following table to configure the RADIUS Dynamic Authorization client.
Variable | Value |
---|---|
AddressType |
Defines the IP address type for the RADIUS Dynamic Authorization Client. |
Address |
Defines the IP address of the RADIUS Dynamic Authorization Client. |
Enabled |
Enables or disables packet receiving from the RADIUS Dynamic Authorization Client. |
UdpPort |
Configures the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1025–65535. |
ProcessCoARequests |
Enables or disables change of authorization (CoA) request processing. |
ProcessDisconnectRequests |
Enables or disables disconnect request processing. |
Secret |
Defines the secret word shared between the RADIUS Dynamic Authorization Client and the RADIUS server. |
Use the following procedure to delete an existing RADIUS Dynamic Authorization client configuration.
|
|
Step | Action |
---|---|
|
|
1 |
From the navigation tree, double-click Security. |
2 |
In the Security tree, double-click 802.1X/EAP. |
3 |
In the work area, click the RADIUS Dynamic Auth. Client tab. |
4 |
To select a RADIUS Dynamic Authorization client to delete, click the client row. |
5 |
Click Delete. |
|
|
--End-- | |
|
Use the following procedure to edit an existing RADIUS Dynamic Authorization client configuration.
|
|
Step | Action |
---|---|
|
|
1 |
From the navigation tree, double-click Security. |
2 |
In the Security tree, double-click 802.1X/EAP. |
3 |
In the work area, click the RADIUS Dynamic Auth. Client tab. |
4 |
To select a RADIUS Dynamic Authorization client to edit, click the client row. |
5 |
In the client row, double-click the cell in the Enabled column. |
6 |
Select a value from the list—true to enable RADIUS Dynamic Authorization client, or false to disable RADIUS Dynamic Authorization client for the VLAN. |
7 |
In the client row, double-click the cell in the UdpPort column. |
8 |
Edit the UDP port number as required. |
9 |
In the client row, double-click the cell in the ProcessCoARequests column. |
10 |
Select a value from the list—true to enable CoA request processing, or false to disable CoA request processing. |
11 |
In the client row, double-click the cell in the ProcessDisconnectRequests column. |
12 |
Select a value from the list—true to enable disconnect request processing, or false to disable disconnect request processing. |
13 |
On the toolbar, click Apply. |
|
|
--End-- | |
|
Use the data in the following table to modify an existing RADIUS Dynamic Authorization client configuration.
Variable | Value |
---|---|
AddressType |
Indicates the IP address type for the RADIUS Dynamic Authorization Client. This is a read-only cell. |
Address |
Indicates the IP address of the RADIUS Dynamic Authorization Client. This is a read-only cell. |
Enabled |
Enables or disables packet receiving from the RADIUS Dynamic Authorization Client.
|
UdpPort |
Defines the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1024 to 65535. |
ProcessCoARequests |
Enables or disables change of authorization (CoA) request processing. |
ProcessDisconnectRequests |
Enables or disables disconnect request processing. |
Secret |
The RADIUS Dynamic Authorization Client secret word. This cell remains empty. |
Use the following procedure to change the existing RADIUS Dynamic Authorization client secret word.
|
|
Step | Action |
---|---|
|
|
1 |
From the navigation tree, double-click Security. |
2 |
In the Security tree, double-click 802.1X/EAP. |
3 |
In the work area, click the RADIUS Dynamic Auth. Client tab. |
4 |
Click Change Secret. |
5 |
In the Secret dialog box, type a new secret word. |
6 |
In the Confirmed Secret dialog box, retype the new secret word. |
7 |
Click Apply. |
|
|
--End-- | |
|