Users Guide
Security Commands 876
(config)# aaa new-model
aaa server radius dynamic-author
Use this command to enter dynamic RADIUS server configuration mode.
Syntax
aaa server radius dynamic-author
Default Configuration
By default, no dynamic RADIUS servers are configured.
Command Mode
Global Configuration
User Guidelines
Configuring a dynamic RADIUS server causes the system to begin listening
on the default port 3799 for RADIUS CoA requests. The switch ensures that a
unique Acct-Session-Id and the Calling-Station-Id are sent to the RADIUS
server in all Access-Request packets. The switch maintains the
Acct-Session-Id and Calling-Station-Id identifiers. Subsequent CoA-Request
packets sent to the NAS must carry the Acct-Session-Id, the
Calling-Station-Id, or both.
A valid authenticated RFC 3575 Disconnect-Request terminates the session
without disabling the port. The termination may cause the host to attempt to
re-authenticate on the port. If an ACL was applied for the session (i.e., for
MAB), the ACL is removed when the session is terminated.
If a valid authenticated RFC 3575 Disconnect-Request is received from a
configured server and the session cannot be found, the switch returns a
CoA-NAK message with the 503 Session Context Not Found response code.
If it is expected that more than one session will authenticate over a port,
use of MAC-based authentication is recommended. If MAC-based authentication
is enabled, the user is denied access to the port even if a previous
authentication has occurred on the port.
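The following Python sketch is an added illustration, not code from this guide or from the switch firmware. It shows what "valid authenticated" and "session cannot be found" mean on the wire for a Disconnect-Request arriving on port 3799. It assumes the Request Authenticator check and silent discard defined in RFC 5176; the session table, shared secret and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40                       # RADIUS packet code
CALLING_STATION_ID, ACCT_SESSION_ID = 31, 44  # attribute types
SESSION_CONTEXT_NOT_FOUND = 503               # Error-Cause value


def build_request(ident, attrs, secret):
    """Constructed test helper: encode a Disconnect-Request as a server would."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    # Request Authenticator = MD5(code, id, length, 16 zero octets, attrs, secret)
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body


def parse_attrs(body):
    """Walk the type-length-value list; reject lengths that overrun the packet."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs


def handle_disconnect(packet, secret, sessions):
    """Return ('drop'|'ack'|'nak', error_cause) for one received datagram."""
    if len(packet) < 20:
        return ("drop", None)
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return ("drop", None)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return ("drop", None)  # wrong shared secret or altered packet
    try:
        attrs = parse_attrs(packet[20:])
    except ValueError:
        return ("drop", None)
    wanted = (attrs.get(ACCT_SESSION_ID), attrs.get(CALLING_STATION_ID))
    for sess in sessions:  # sess = (acct_session_id, calling_station_id)
        # Every identifier present in the request must match the stored session.
        if any(wanted) and all(w is None or w == s for w, s in zip(wanted, sess)):
            sessions.remove(sess)  # terminate the session; the port stays enabled
            return ("ack", None)
    return ("nak", SESSION_CONTEXT_NOT_FOUND)
```

A request that carries both identifiers matches only when both agree with the stored session, and one that carries neither matches nothing in this sketch.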