When a device with no supplicant, such as a printer, needs to acquire a new IP address (for example, after a
VLAN change), terminate the session on the host port with port-bounce (temporarily disable and then re-enable
the port).
CoA Activate Service Command
The CoA activate service command can be used to activate a service template on a session. The AAA server
sends the request in a standard CoA-Request message using the following VSAs:
Cisco:Avpair=
“
subscriber:command=activate-service
”
Cisco:Avpair=
“
subscriber:service-name=<
service-name
>
”
Cisco:Avpair=
“
subscriber:precedence=<
precedence-number
>
”
Cisco:Avpair=
“
subscriber:activation-mode=replace-all
”
Because this command is session-oriented, it must be accompanied by one or more of the session identification
attributes described in the
Session Identification
section below. If the device cannot locate a session, it returns
a CoA-NAK message with the
“
Session Context Not Found
”
error-code attribute. If the device locates a session,
it initiates an activate template operation for the hosting port and a CoA-ACK is returned. If activating the
template fails, a CoA-NAK message is returned with the Error-Code attribute set to the appropriate message.
If the device fails before returning a CoA-ACK to the client, the process is repeated on the new active device
when the request is re-sent from the client. If the device fails after returning a CoA-ACK message to the client
but before the operation is complete, the operation is restarted on the new active device.
Session Identification
For disconnect and CoA requests targeted at a particular session, the device locates the session based on one
or more of the following attributes:
•
Acct-Session-Id (IETF attribute #44)
•
Audit-Session-Id (Cisco VSA)
•
Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
•
IPv6 Attributes, which can be one of the following:
•
Framed-IPv6-Prefix (IETF attribute #97) and Framed-Interface-Id (IETF attribute #96), which
together create a full IPv6 address per RFC 3162
•
Framed-IPv6-Address
•
Plain IP Address (IETF attribute #8)
If more than one session identification attribute is included in the message, all of the attributes must match
the session or the device returns a Disconnect-NAK or CoA-NAK with the error code
“
Invalid Attribute
Value.
”
For CoA requests targeted at a particular enforcement policy, the device returns a CoA-NAK with the error
code
“
Invalid Attribute Value
”
if any of the above session identification attributes are included in the message.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
968
Information About RADIUS Change-of-Authorization
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......