Force a client re-authentication directly via CLI (EXOS / EOS)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2017 06:00 AM
Hi,
during a HP (2920) Switching / NAC project i learned that MAC or 802.1x re-authentication can be done directly via switch CLI:
This is a nice feature especially you do not have Netsight NAC with NAC Managers "Force Re-auth" button.
In the past everybody uses a hard port link down/up - but the above command is smarter especially you have multi-user on that regarding port.
Is there a similar command for re-authentication available on EXOS / EOS ??
Regards
during a HP (2920) Switching / NAC project i learned that MAC or 802.1x re-authentication can be done directly via switch CLI:
code:
> reauthenticateaaa port-access mac-based <port-list
code:
<aaa port-access authenticator
port-list> reauthenticate
This is a nice feature especially you do not have Netsight NAC with NAC Managers "Force Re-auth" button.
In the past everybody uses a hard port link down/up - but the above command is smarter especially you have multi-user on that regarding port.
Is there a similar command for re-authentication available on EXOS / EOS ??
Regards
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2017 07:02 AM
The RFC3576 works on EOS. It is enabled by default and I have no idea if you can disable it. So no need for documentation. I am sure you will find the RFC in the datasheet. And you are right we do support the CoA in 22.x
Regards
Zdeněk Pala
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-14-2019 07:45 AM
"Is Change of Authorization (CoA) supported on EOS switches?
- Article Type:
- Q & A
- Article Number:
- 000038365
- Last Modified:
- 3/13/2019"
"Environment
- EOS
- 7100-Series
- K-Series
- S-Series
- Securestack
- CoA
- RFC5176
Answer
RFC5176 Dynamic Authorization Extension to RADIUS is supported on S/K/7100 platforms but not on Securestack switches. "Source: https://extremeportal.force.com/ExtrArticleDetail?n=000038365
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2017 07:02 AM
Hi Andre,
as i tcpdump with current EXOS - Force reauth (from NAC Gateway) is done via dot1x snmp MIB (for both mac and 802.1x).
By the way other switches like H3C provide CoA (Change of Authorization) which is known from Wireless for re-auth. This is also a smart method.
Regards
as i tcpdump with current EXOS - Force reauth (from NAC Gateway) is done via dot1x snmp MIB (for both mac and 802.1x).
By the way other switches like H3C provide CoA (Change of Authorization) which is known from Wireless for re-auth. This is also a smart method.
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2017 07:02 AM
Hi Zdenek,
regarding CoA:
EXOS support that started on EXOS V22.1
configure radius dynamic-authorization ...
EOS support this feature only on S/K maybe N-Series - but not on (edge) SecureStacks.
set radius authorization dynamic ...
Searching last V8.61 s-series manuals i found no entry for that feature :-((
is my search wrong or is there no manual entry for that feature ?
Regards
regarding CoA:
EXOS support that started on EXOS V22.1
configure radius dynamic-authorization ...
EOS support this feature only on S/K maybe N-Series - but not on (edge) SecureStacks.
set radius authorization dynamic ...
Searching last V8.61 s-series manuals i found no entry for that feature :-((
is my search wrong or is there no manual entry for that feature ?
Regards
