Requirements and tips

The switch validates these mandatory attributes that must be present in the CoA/Disconnect Message:

  • Username

  • NAS IP or NAS IPV6 or NAS Identifier

  • Any one of the following combinations is used to identify the client session:

    • NAS-Port and Calling-Station-ID

    • NAS-Port-ID and Calling-Station-ID

    • Accounting-Session-ID

RADIUS server requirements:

  • For ClearPass to provide CoA capabilities, in the case where the switch sends the NAS-IP address as a routable IP address, the CLI command ip source interface must be executed with the radius parameter.

  • In CISCO ISE, to send the CoA request with the same username as in the RADIUS Accept, the Identity rewrite option has to be configured.