Concept Guide
Change of Authorization (CoA) packets
Using the CoA packets, the NAS can handle authorization of dot1x sessions by processing the following requests from the Dynamic
Authorization Client (DAC): Re-authentication of the supplicant, Port disable, and Port bounce.
A CoA exchange consists of one message request (CoA request) and one of the following two possible responses:
• Change of Authorization Acknowledgement (CoA-Ack) - If the authorization state change is successful, the NAS sends a CoA-Ack.
• Change of Authorization non-Acknowledgement (CoA-Nak) - If the authorization state change is not successful, the NAS sends a
CoA-Nak, which is a negative acknowledgement.
Disconnect Messages
Using the Disconnect Messages, the NAS can disconnect AAA and dot1x sessions. The NAS can disconnect AAA sessions using either the
username or a combination of the username and session ID. The NAS can disconnect dot1x sessions using NAS-port, or calling-station ID, or
both.
A disconnect exchange consists of one message request (DM request) and one of the following two possible responses:
• Disconnect Acknowledgement (DM-Ack) - If the session is disconnected successfully, the NAS sends a DM-Ack.
• Disconnect non-Acknowledgement (DM-Nak) - If the session is not disconnected successfully, the NAS sends a DM-Nak.
Attributes
In Disconnect message requests and CoA-Request packets, certain attributes are used to uniquely identify the NAS as well as user
sessions on the NAS.
The combination of NAS and session identification attributes included in a CoA-request or a disconnect-message request must match at
least one session in order for a request to be successful; otherwise, a disconnect-Nak or CoA-Nak is sent. For disconnect-user operations
using DMs, if all NAS identification attributes match, and more than one session matches all of the session identification attributes, then a
CoA-request or a disconnect-message request applies to all matching sessions.
The following tables describe the various types of attributes that identify the NAS and the user sessions:
Table 72. NAS Identification Attributes

Attribute code   Attribute          Description
4                NAS-IP-Address     IPv4 address of the NAS.
95               NAS-IPv6-Address   IPv6 address of the NAS.

Table 73. Change of Authorization (CoA) Attribute

Attribute code   Attribute   Description
5                NAS-Port    Port associated with the session to be processed for EAP or MAB users or the VTY ID for AAA sessions.
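
The matching rule from the Attributes section, worked through as an added example (not code from this guide or from the switch software): it parses a CoA or Disconnect request, checks the NAS identification attributes, and answers Ack for every matching session or Nak for none. Packet codes 40 to 45 come from RFC 5176; the function names, the sample sessions and the address 192.0.2.10 are constructed. It assumes NAS-Port is the only session identification attribute, answers a request without one with a Nak, and does not verify the Request Authenticator.

```python
import ipaddress
import struct

# Packet codes from RFC 5176 (not listed in this guide).
DM_REQUEST, DM_ACK, DM_NAK = 40, 41, 42
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
# Attribute codes from Tables 72 and 73.
NAS_IP_ADDRESS, NAS_PORT, NAS_IPV6_ADDRESS = 4, 5, 95

def build(code, ident, attrs):
    """Build a constructed request; the 16-byte authenticator is left zeroed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_request(packet):
    """Return (code, identifier, {attr_code: value_bytes}) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def handle(packet, nas_ips, sessions):
    """Return (response_code, matched_sessions) for a CoA or DM request."""
    code, _ident, attrs = parse_request(packet)
    if code not in (DM_REQUEST, COA_REQUEST):
        raise ValueError("not a CoA or Disconnect request")
    ack, nak = (DM_ACK, DM_NAK) if code == DM_REQUEST else (COA_ACK, COA_NAK)
    # NAS identification: every NAS attribute present must name this NAS.
    for a_type in (NAS_IP_ADDRESS, NAS_IPV6_ADDRESS):
        if a_type in attrs and ipaddress.ip_address(attrs[a_type]) not in nas_ips:
            return nak, []
    # Session identification (assumption: NAS-Port only, missing means Nak).
    if NAS_PORT not in attrs or len(attrs[NAS_PORT]) != 4:
        return nak, []
    port = struct.unpack("!I", attrs[NAS_PORT])[0]
    matched = [s for s in sessions if s["nas_port"] == port]
    return (ack, matched) if matched else (nak, [])

# Constructed sample state: one NAS address and three sessions on two ports.
NAS_IPS = {ipaddress.ip_address("192.0.2.10")}
SESSIONS = [{"user": u, "nas_port": p} for u, p in (("alice", 7), ("bob", 7), ("carol", 9))]
```

Two sessions share port 7 in the sample state, so a request naming that port returns both of them, which is the "applies to all matching sessions" case.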