Nortel Networks NN47250-500 Switch User Manual


 
Configuring communication with RADIUS 645
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Dynamic RADIUS
Dynamic RADIUS allows administrators supporting a RADIUS server to disconnect a user and change the authorization attributes of an existing user session.
RFC 4673 (Dynamic Authorization Server MIB):
Dynamic Authorization Server (DAS) - The component that resides on the NAS and processes the Disconnect and Change of Authorization (CoA) requests sent by the Dynamic Authorization Client (DAC).
Dynamic Authorization Client (DAC) - The component that sends the Disconnect and CoA requests to the DAS. Although the DAC often resides on the RADIUS server, it can be located on a separate host, such as a rating engine.
Dynamic Authorization Server Port - The UDP port on which the DAS listens for Disconnect and CoA requests sent by the DAC.
Configuration
To configure a RADIUS DAC server on a WSS, use the following commands:
WSS# set radius dac dac-name ip-address key <string>
Additional attributes include the following:
[disconnect [enable | disable] | change-of-author [enable | disable] | replay-protection [enable | disable] | replay-window seconds]
To configure the dynamic authorization server port, use the following command:
WSS# set radius das-port portnum
To clear the das-port, use the following command:
WSS# clear radius das-port
To configure SSIDs for RADIUS DAC, use the following commands:
WSS# set authorization dynamic {ssid [wireless_8021X | 8021x | any | <name>] | wired <name>}
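The key, replay-protection and replay-window options above relate to two checks that RFC 5176 defines for a DAS receiving a Disconnect or CoA request: the Request Authenticator (an MD5 digest over the packet and the shared key) and the freshness of the Event-Timestamp attribute. The following Python code is an added example, not Nortel code or part of the original manual; it assumes the WSS follows RFC 5176 for these checks, and the function names, the sample key and the 300-second window are illustrative.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43   # RFC 5176 packet codes
EVENT_TIMESTAMP = 55                       # RFC 2869 attribute type

def build_request(code, ident, attrs, secret):
    """DAC side: build a request; attrs is a list of (type, value-bytes)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Request Authenticator = MD5(Code+ID+Length + 16 zero octets + attrs + key)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def parse_attrs(body):
    """Split the attribute area into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return attrs

def validate_request(packet, secret, now, replay_window=300):
    """DAS side: return (accepted, reason) with replay protection enabled."""
    if len(packet) < 20:
        return False, "short packet"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST) or length != len(packet):
        return False, "bad code or length"   # strict: no trailing padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad authenticator"
    try:
        attrs = parse_attrs(packet[20:])
    except ValueError as exc:
        return False, str(exc)
    # Assumption: with replay protection on, Event-Timestamp is mandatory.
    stamps = [v for t, v in attrs if t == EVENT_TIMESTAMP and len(v) == 4]
    if not stamps:
        return False, "missing Event-Timestamp"
    if abs(now - struct.unpack("!I", stamps[0])[0]) > replay_window:
        return False, "stale Event-Timestamp"
    return True, "ok"

if __name__ == "__main__":
    key, t0 = b"constructed-shared-key", 1_700_000_000   # constructed sample values
    stamp = (EVENT_TIMESTAMP, struct.pack("!I", t0))
    pkt = build_request(DISCONNECT_REQUEST, 1, [(1, b"alice"), stamp], key)
    print(validate_request(pkt, key, now=t0 + 10))
```

A captured request replayed after the window has passed fails the timestamp check even though its authenticator is still valid, which is why the DAC and the WSS need synchronized clocks when replay protection is enabled.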
termination-action Attribute for RADIUS
The termination-action RADIUS attribute supports reauthentication of all access types:
• dot1x
• web-portal
• MAC
• last-resort
When the value is set to “0”, the user session is terminated after the session expires. If the value is set to “1”, the user
session is reauthenticated by sending a RADIUS request message after the session expires.
Note. You can configure up to four SSIDs and four wired rule names for RADIUS DAC.