Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
20
Helpful
2
Replies

what does coa-push=true mean

Go to solution
jinyuanbao
Level 1
Level 1

‎08-05-2022 01:08 AM - edited ‎08-05-2022 01:10 AM

Hi guys,

I'm getting the CiscoAVPair like this, and i wonder what does CiscoAVPair coa-push=true mean, it's already a coa message, what will it make switch do, i haven't find this attribute in other documents.

Many thanks.

CiscoAVPair subscriber:command=reauthenticate, audit-session-id=37498512hkpLG_lr1lRVyNJ0VE_9z5wWyzxidA6M4NK1jLQD5Do, coa-push=true

 

 

Snipaste_2022-08-05_16-04-28.png

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎08-05-2022 01:25 AM

 

 - FYI : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-7A14410E-4CA1-4E0B-AC60-CDB1FCEDFF66

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

Go to solution
Marcelo Morais
VIP
VIP

‎08-07-2022 09:43 AM - edited ‎08-07-2022 09:44 AM

Hi @jinyuanbao ,

 a pulled model is used in a Standard RADIUS (RFC 2865) : " ... The RADIUS Protocol, defined in [RFC2865], does not support unsolicited messages sent from the RADIUS Server to the Network Access Server (NAS) ... "

 A pushed model is used in Dynamic Authorization Extensions to RADIUSRFC 5176: " ... To overcome these limitations, several vendors have implemented additional RADIUS commands in order to enable unsolicited messages to be sent to the NAS. These extended commands provide support for Disconnect and Change-of-Authorization (CoA) packets.  ... "

 Since ISE 2.4, Network Admin can push CoA (also known as Dynamic Authorization Extensions to RADIUS) changes from PSN.

An example of push CoA: " ... there are many instances in which it is desirable for changes to be made to Session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user session(s) in progress. ... "

Hope this helps !!!

View solution in original post

2 Replies 2

Go to solution
marce1000
VIP
VIP

‎08-05-2022 01:25 AM

 

 - FYI : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-7A14410E-4CA1-4E0B-AC60-CDB1FCEDFF66

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Go to solution
Marcelo Morais
VIP
VIP

‎08-07-2022 09:43 AM - edited ‎08-07-2022 09:44 AM

Hi @jinyuanbao ,

 a pulled model is used in a Standard RADIUS (RFC 2865) : " ... The RADIUS Protocol, defined in [RFC2865], does not support unsolicited messages sent from the RADIUS Server to the Network Access Server (NAS) ... "

 A pushed model is used in Dynamic Authorization Extensions to RADIUSRFC 5176: " ... To overcome these limitations, several vendors have implemented additional RADIUS commands in order to enable unsolicited messages to be sent to the NAS. These extended commands provide support for Disconnect and Change-of-Authorization (CoA) packets.  ... "

 Since ISE 2.4, Network Admin can push CoA (also known as Dynamic Authorization Extensions to RADIUS) changes from PSN.

An example of push CoA: " ... there are many instances in which it is desirable for changes to be made to Session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user session(s) in progress. ... "

Hope this helps !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents