Monitoring And Troubleshooting Coa Functionality - Cisco Catalyst 4500 series Administration Manual

Chapter 46 Configuring 802.1X Port-Based Authentication
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server
functionality on the switch, use the no aaa server radius dynamic authorization global configuration
command:
Switch(config)# aaa server radius dynamic-author
Switch(config-locsvr-da-radius)# client ip addr vrf vrfname
Switch(config-locsvr-da-radius)# server-key cisco123
Switch(config-locsvr-da-radius)# port 3799
Note Default port for packet of disconnect is 1700. Port 3799 is required to interoperate with ACS 5.1.
Switch(config)# authentication command bounce-port ignore

Monitoring and Troubleshooting CoA Functionality

The following Cisco IOS commands can be used to monitor and troubleshoot CoA functionality on the
switch:
•
•
•
•
•
•
Configuring RADIUS Server Load Balancing
This feature allows access and authentication requests to be evenly across all RADIUS servers in a server
group. For more information, see the RADIUS Server Load Balancing chapter of the Cisco IOS Security
Configuration Guide, Release 12.2:
http://www.ciscosystems.com/en/US/docs/ios/12_2sb/feature/guide/sbrdldbl.html
Displaying the RADIUS Configuration
To display the RADIUS configuration, use the show running-config privileged EXEC command.
Configuring Device Sensor
This section includes the following:
•
•
•
•
OL_28731-01
debug radius
debug aaa coa
debug aaa pod
debug aaa subsys
debug cmdhd [detail | error | events]
show aaa attributes protocol radius
About Device Sensor, page 46-118
MSP-IOS Sensor Device Classifier Interaction, page 46-119
Configuring Device Sensor, page 46-119
Configuration Examples for the Device Sensor Feature, page 46-125
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Configuring Device Sensor
46-117