04-16-2023 02:00 PM
Hi,
What is the meaning of these command lines:
aaa server radius dynamic-author client 10.1.1.1 server-key shared_secret
More specifically, what does the 'client' stand for when the IP address is the IP of the RADIUS server?
Thank you.
04-16-2023 02:07 PM
In RADIUS there is always a client that makes the requests, and the server that processes the requests. When RADIUS was invented many years ago, the RADIUS Server was always the server - waiting for NAS clients (wireless controller, switches, VPN, broadband concentrators, etc.) to send requests. But an enhancement was made to the RADIUS protocol to allow the server to also initiate requests - this time, the server initiates the request to the NAS - therefore on the switch, you have to list the IP addresses of the RADIUS servers that are allowed to make requests to the NAS. A RADIUS server will only send a CoA (Change of Authorization) request to a NAS. This is for re-authentication and disconnect and other things.
04-17-2023 12:45 AM
Adding to what @Arne Bier mentioned, the dynamic-author command is required for the switch to accept a RADIUS CoA (Change of Authorization) request coming from the RADIUS server, with the network device acknowledging it with a CoA Ack.
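
The check described in the replies above, as an added example that is not part of any post in this thread and is not Cisco's code: a simplified model of a NAS deciding whether to accept a CoA or Disconnect request, using the source-address allow-list and the RFC 5176 Request Authenticator computed with the server-key. The names `DYNAMIC_AUTHOR_CLIENTS`, `request_authenticator`, `build_request` and `nas_accepts` are hypothetical, and the packet and User-Name value are constructed.

```python
import hashlib
import hmac
import struct

# Constructed table mirroring the command in the thread: peer IP -> server-key.
DYNAMIC_AUTHOR_CLIENTS = {"10.1.1.1": b"shared_secret"}
COA_CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 5176 codes


def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Packet as the RADIUS server (the dynamic-author 'client') would send it."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def nas_accepts(src_ip, packet):
    """Return (accepted, reason) for a request arriving at the NAS."""
    secret = DYNAMIC_AUTHOR_CLIENTS.get(src_ip)
    if secret is None:
        return False, "source is not a configured dynamic-author client"
    if len(packet) < 20:
        return False, "shorter than the 20-octet RADIUS header"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in COA_CODES:
        return False, "not a CoA or Disconnect request"
    if length != len(packet):  # strict simplification of the RFC length rule
        return False, "length field mismatch"
    expected = request_authenticator(code, ident, packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "authenticator mismatch (wrong server-key)"
    return True, COA_CODES[code]


if __name__ == "__main__":
    attrs = bytes([1, 7]) + b"alice"  # constructed User-Name attribute
    good = build_request(43, 1, attrs, b"shared_secret")
    print(nas_accepts("10.1.1.1", good))
    print(nas_accepts("10.9.9.9", good))
    print(nas_accepts("10.1.1.1", build_request(43, 1, attrs, b"wrong")))
```

A request is accepted only when both conditions hold: the sender is a listed client and the authenticator was computed with the matching server-key.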