802.1X dynamic authorization extension (RFC 3576) configuration using EDM

Configure 802.1X dynamic authorization extension (RFC 3576) to enable the RADIUS server to send a change of authorization (CoA) or disconnect command to the Network Access Server (NAS)

802.1X dynamic authorization extension (RFC 3576) configuration using EDM navigation

Viewing the 802.1X dynamic authorization extension (RFC 3576) client configuration using EDM

Use the following procedure to display existing RADIUS Dynamic Authorization client configurations for the switch.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

In the work area, click the RADIUS Dynamic Auth. Client tab.


--End--

Variable definitions

Use the data in the following table to understand the RADIUS Dynamic Authorization client display.

Variable Value

AddressType

Indicates the IP address type for the RADIUS Dynamic Authorization Client.

Address

Indicates the IP address of the RADIUS Dynamic Authorization Client.

Enabled

Indicates or disables packet receiving from the RADIUS Dynamic Authorization Client.

UdpPort

Indicates the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1025–65535.

ProcessCoARequests

Indicates whether change of authorization (CoA) request processing is enabled or disabled.

ProcessDisconnectRequests

Indicates whether disconnect request processing is enabled or disabled.

Secret

Indicates the secret word shared between the RADIUS Dynamic Authorization Client and the RADIUS server.

Creating an 802.1X dynamic authorization extension (RFC 3576) client using EDM

Use the following procedure to create an RADIUS Dynamic Authorization client for the switch.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

In the work area, click the RADIUS Dynamic Auth. Client tab.

4

Click Insert.

The Insert RADIUS Dynamic Auth. Client dialog box appears.

5

In the AddressType section, select a radio button.

6

In the Address dialog box, type an IP address.

7

To enable the RADIUS Dynamic Authorization client, select the Enabled checkbox.

OR

To disable the RADIUS Dynamic Authorization client, clear the Enabled checkbox.

8

In the UdpPort dialog box, type a port number.

9

To enable change of authorization request processing, select the ProcessCoARequests checkbox.

OR

To disable change of authorization request processing, clear the ProcessCoARequests checkbox.

10

To enable disconnect request processing, select the ProcessDisconnectRequests checkbox.

OR

To disable disconnect request processing, clear the ProcessDisconnectRequests checkbox.

11

In the Secret dialog box, type a shared secret word.

12

Click Insert.

13

On the toolbar, click Apply.


--End--

Variable definitions

Use the data in the following table to configure the RADIUS Dynamic Authorization client.

Variable Value

AddressType

Defines the IP address type for the RADIUS Dynamic Authorization Client.

Address

Defines the IP address of the RADIUS Dynamic Authorization Client.

Enabled

Enables or disables packet receiving from the RADIUS Dynamic Authorization Client.

UdpPort

Configures the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1025–65535.

ProcessCoARequests

Enables or disables change of authorization (CoA) request processing.

ProcessDisconnectRequests

Enables or disables disconnect request processing.

Secret

Defines the secret word shared between the RADIUS Dynamic Authorization Client and the RADIUS server.

Deleting an 802.1X dynamic authorization extension (RFC 3576) client configuration using EDM

Use the following procedure to delete an existing RADIUS Dynamic Authorization client configuration.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

In the work area, click the RADIUS Dynamic Auth. Client tab.

4

To select a RADIUS Dynamic Authorization client to delete, click the client row.

5

Click Delete.


--End--

Modifying the 802.1X dynamic authorization extension (RFC 3576) client configuration using EDM

Use the following procedure to edit an existing RADIUS Dynamic Authorization client configuration.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

In the work area, click the RADIUS Dynamic Auth. Client tab.

4

To select a RADIUS Dynamic Authorization client to edit, click the client row.

5

In the client row, double-click the cell in the Enabled column.

6

Select a value from the list—true to enable RADIUS Dynamic Authorization client, or false to disable RADIUS Dynamic Authorization client for the VLAN.

7

In the client row, double-click the cell in the UdpPort column.

8

Edit the UDP port number as required.

9

In the client row, double-click the cell in the ProcessCoARequests column.

10

Select a value from the list—true to enable CoA request processing, or false to disable CoA request processing.

11

In the client row, double-click the cell in the ProcessDisconnectRequests column.

12

Select a value from the list—true to enable disconnect request processing, or false to disable disconnect request processing.

13

On the toolbar, click Apply.


--End--

Variable definitions

Use the data in the following table to modify an existing RADIUS Dynamic Authorization client configuration.

Variable Value

AddressType

Indicates the IP address type for the RADIUS Dynamic Authorization Client. This is a read-only cell.

Address

Indicates the IP address of the RADIUS Dynamic Authorization Client. This is a read-only cell.

Enabled

Enables or disables packet receiving from the RADIUS Dynamic Authorization Client.

  • enable—true
  • disable—false

UdpPort

Defines the server and NAS UDP port to listen for requests from the RADIUS Dynamic Authorization Client. Values range from 1024 to 65535.

ProcessCoARequests

Enables or disables change of authorization (CoA) request processing.

ProcessDisconnectRequests

Enables or disables disconnect request processing.

Secret

The RADIUS Dynamic Authorization Client secret word. This cell remains empty.

Changing the 802.1X dynamic authorization extension (RFC 3576) client secret word using EDM

Use the following procedure to change the existing RADIUS Dynamic Authorization client secret word.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

In the work area, click the RADIUS Dynamic Auth. Client tab.

4

Click Change Secret.

5

In the Secret dialog box, type a new secret word.

6

In the Confirmed Secret dialog box, retype the new secret word.

7

Click Apply.


--End--