Users Guide

310 Authentication, Authorization, and Accounting
Configure the RADIUS server to send the Cisco AV Pair attribute with the
“roles” value. For example:
shell:roles=router-admin
The above example attribute gives the user access to the commands
permitted by the router-admin profile.
RADIUS Change of Authorization
Dell EMC Networking N-Series switches support the Change of
Authorization Disconnect-Request per RFC 3575. The Dell EMC
Networking N-Series switch listens for the Disconnect-Request on UDP port
3799. The Disconnect-Request identifies the user session to be terminated
using the following attributes:
State (IETF attribute #24)
Acct-Session-Id (IETF attribute #44)
Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
The following messages from RFC 3575 are supported:
40 – Disconnect-Request
41 – Disconnect-ACK
42 – Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, CoA Disconnect-Request termination causes
reinitialization of the authenticator state machine for the specified host.
MAC-based authentication can be enabled for 802.1X sessions in conjunction
with CoA. In this case, if the RADIUS server successfully terminates a MAB
session and subsequently does not re-authorize the host MAC address to
access network resources, the host is effectively denied network access.
If the session cannot be located, the device returns a Disconnect-NAK
message with the “Session Context Not Found” error-code attribute. If the
session is located, the device terminates the session. After the session has
been completely removed, the device returns a Disconnect-ACK message.
The attributes returned within a CoA ACK can vary based on the CoA
Request.
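
The Disconnect-Request handling described above, modeled as an added example (not Dell EMC code and not the switch's implementation): a receiver parses the packet, checks the authenticator against the shared secret, matches the identifying attributes against a session table, and answers with Disconnect-ACK or Disconnect-NAK. The authenticator rule (16 zero octets in a request, the request authenticator in a reply) and the Error-Cause attribute (type 101, value 503) are taken from RFC 5176 rather than from this page; the function names, session table, secret and sample packet are constructed for illustration.

```python
import hashlib, hmac, struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
STATE, CALLING_STATION_ID, ACCT_SESSION_ID, ERROR_CAUSE = 24, 31, 44, 101
NOT_FOUND = struct.pack("!I", 503)  # Error-Cause 503 = Session Context Not Found (RFC 5176)

def pack(code, ident, authenticator, attrs):
    """Encode a RADIUS packet: 20-byte header, then type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def sign(code, ident, seed, attrs, secret):
    """Set the authenticator to MD5(packet with `seed` in that field + shared secret)."""
    digest = hashlib.md5(pack(code, ident, seed, attrs) + secret).digest()
    return pack(code, ident, digest, attrs)

def parse(packet):
    """Return (code, id, authenticator, [(type, value), ...]); raise on bad lengths."""
    if len(packet) < 20 or not 20 <= int.from_bytes(packet[2:4], "big") <= len(packet):
        raise ValueError("bad length field")
    length, attrs, pos = int.from_bytes(packet[2:4], "big"), [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return packet[0], packet[1], packet[4:20], attrs

def handle_disconnect(packet, secret, sessions):
    """Return the reply bytes, or None when the request is silently discarded."""
    try:
        code, ident, req_auth, attrs = parse(packet)
    except ValueError:
        return None
    expected = sign(code, ident, bytes(16), attrs, secret)[4:20]
    if code != DISCONNECT_REQUEST or not hmac.compare_digest(req_auth, expected):
        return None
    ids = {t: v for t, v in attrs if t in (STATE, CALLING_STATION_ID, ACCT_SESSION_ID)}
    match = [k for k, s in sessions.items() if ids and all(s.get(t) == v for t, v in ids.items())]
    if not match:
        return sign(DISCONNECT_NAK, ident, req_auth, [(ERROR_CAUSE, NOT_FOUND)], secret)
    for key in match:
        del sessions[key]  # session is removed before the ACK is built
    return sign(DISCONNECT_ACK, ident, req_auth, [], secret)

# Constructed sample data: shared secret, one session, and a request naming it.
SECRET = b"constructed-secret"
SESSIONS = {"port-1": {ACCT_SESSION_ID: b"0000002A", CALLING_STATION_ID: b"00-11-22-33-44-55"}}
SAMPLE_REQUEST = sign(DISCONNECT_REQUEST, 7, bytes(16), [(ACCT_SESSION_ID, b"0000002A")], SECRET)
```

A request signed with the wrong secret, or one with inconsistent length fields, produces no reply and leaves the session table untouched, which is the behavior to check for when auditing which hosts can reach UDP port 3799.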