
what does coa-push=true mean

jinyuanbao
Level 1

Hi guys,

I'm getting the CiscoAVPair like this, and I wonder what CiscoAVPair coa-push=true means. It's already a CoA message, so what will it make the switch do? I haven't found this attribute in other documents.

Many thanks.

CiscoAVPair subscriber:command=reauthenticate, audit-session-id=37498512hkpLG_lr1lRVyNJ0VE_9z5wWyzxidA6M4NK1jLQD5Do, coa-push=true

 

 


2 Accepted Solutions


marce1000
VIP

 - FYI : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-7A14410E-4CA1-4E0B-AC60-CDB1FCEDFF66

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

Hi @jinyuanbao ,

A pulled model is used in standard RADIUS (RFC 2865): " ... The RADIUS Protocol, defined in [RFC2865], does not support unsolicited messages sent from the RADIUS Server to the Network Access Server (NAS) ... "

A pushed model is used in Dynamic Authorization Extensions to RADIUS (RFC 5176): " ... To overcome these limitations, several vendors have implemented additional RADIUS commands in order to enable unsolicited messages to be sent to the NAS. These extended commands provide support for Disconnect and Change-of-Authorization (CoA) packets.  ... "

Since ISE 2.4, a network admin can push CoA (also known as Dynamic Authorization Extensions to RADIUS) changes from the PSN.

An example of push CoA: " ... there are many instances in which it is desirable for changes to be made to Session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user session(s) in progress. ... "

Hope this helps !!!

View solution in original post
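Added illustration (not part of the original thread, and not Cisco's code): since an RFC 5176 CoA-Request arrives unsolicited, the receiver checks its Request Authenticator against the shared secret before acting on AV pairs such as `subscriber:command=reauthenticate`. The sketch builds a constructed CoA-Request and parses its Cisco AV pairs; the secret, session id and function names are assumptions.

```python
import hashlib
import hmac
import struct

COA_REQUEST, VENDOR_SPECIFIC = 43, 26   # RFC 5176 packet code, RADIUS VSA attribute type
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1    # Cisco enterprise number, AV-pair vendor type

def coa_authenticator(code, ident, attrs, secret):
    """RFC 5176 Request Authenticator: MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_coa_request(ident, avpairs, secret):
    """Build a constructed CoA-Request with one Cisco-AVPair VSA per string."""
    attrs = b""
    for pair in avpairs:
        data = pair.encode()
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
        attrs += struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    auth = coa_authenticator(COA_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_coa_request(packet, secret):
    """Return the Cisco AV pairs as a dict; raise ValueError if malformed or forged."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(coa_authenticator(code, ident, attrs, secret), packet[4:20]):
        raise ValueError("bad Request Authenticator")
    pairs, pos = {}, 0
    while pos < len(attrs):
        alen = attrs[pos + 1] if pos + 1 < len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[pos + 2:pos + alen]
        if attrs[pos] == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
                name, _, val = value[6:].decode().partition("=")
                pairs[name] = val
        pos += alen
    return pairs

# Constructed sample: the shared secret and session id are placeholders.
SECRET = b"example-secret"
SAMPLE = build_coa_request(7, ["subscriber:command=reauthenticate",
                               "audit-session-id=EXAMPLE-SESSION-ID", "coa-push=true"], SECRET)
```

In the packet each AV pair travels as its own Vendor-Specific attribute; the comma-separated line in the question is how a log or debug view lists them.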
