Requirements and tips
The switch validates these mandatory attributes that must be present in the CoA/Disconnect Message:
Username
NAS IP
orNAS IPV6
orNAS Identifier
- Any one of the following combinations is used to identify the client session:
NAS-Port
andCalling-Station-ID
NAS-Port-ID
andCalling-Station-ID
Accounting-Session-ID
RADIUS server requirements:
For ClearPass to provide CoA capabilities, in the case where the switch sends the NAS-IP address as a routable IP address, the CLI command
ip source interface
must be executed with theradius
parameter.In CISCO ISE, to send the CoA request with the same username as in the RADIUS Accept, the Identity rewrite option has to be configured.