08-05-2022 01:08 AM - edited 08-05-2022 01:10 AM
Hi guys,
I'm getting the CiscoAVPair like this, and i wonder what does CiscoAVPair coa-push=true mean, it's already a coa message, what will it make switch do, i haven't find this attribute in other documents.
Many thanks.
CiscoAVPair | subscriber:command=reauthenticate, audit-session-id=37498512hkpLG_lr1lRVyNJ0VE_9z5wWyzxidA6M4NK1jLQD5Do, coa-push=true |
Solved! Go to Solution.
08-05-2022 01:25 AM
M.
08-07-2022 09:43 AM - edited 08-07-2022 09:44 AM
Hi @jinyuanbao ,
a pulled model is used in a Standard RADIUS (RFC 2865) :
A pushed model is used in Dynamic Authorization Extensions to RADIUS - RFC 5176: " ... To overcome these limitations, several vendors have implemented additional RADIUS commands in order to enable unsolicited messages to be sent to the NAS. These extended commands provide support for Disconnect and Change-of-Authorization (CoA) packets. ... "
Since ISE 2.4, Network Admin can push CoA (also known as Dynamic Authorization Extensions to RADIUS) changes from PSN.
An example of push CoA: " ... there are many instances in which it is desirable for changes to be made to Session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user session(s) in progress. ... "
Hope this helps !!!
08-05-2022 01:25 AM
M.
08-07-2022 09:43 AM - edited 08-07-2022 09:44 AM
Hi @jinyuanbao ,
a pulled model is used in a Standard RADIUS (RFC 2865) :
A pushed model is used in Dynamic Authorization Extensions to RADIUS - RFC 5176: " ... To overcome these limitations, several vendors have implemented additional RADIUS commands in order to enable unsolicited messages to be sent to the NAS. These extended commands provide support for Disconnect and Change-of-Authorization (CoA) packets. ... "
Since ISE 2.4, Network Admin can push CoA (also known as Dynamic Authorization Extensions to RADIUS) changes from PSN.
An example of push CoA: " ... there are many instances in which it is desirable for changes to be made to Session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user session(s) in progress. ... "
Hope this helps !!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: