Configuring the Dynamic Authorization Service
Use the following sample configuration to enable the NAS as an authentication, authorization, and accounting (AAA) server for the dynamic authorization service. This service supports the RADIUS Disconnect and Change of Authorization (CoA) functionality.
config
profile radius-dynamic-author
client ipv4_address [ secret shared_secret ]
nas-identifier value
secret shared_secret
end
NOTES:
-
profile radius-dynamic-author : Enter the dynamic authorization configuration mode.
-
client ipv4_address [ secret shared_secret ] : Specify the IP address of the Dynamic Authorization Client. ipv4_address must be in standard IPv4 dotted decimal notation.
You can add a list of client IPs from which the Disconnect message is accepted.
secret shared_secret : This is an optional keyword. Specify the secret key at the client level.
ImportantConfiguring the server key at the client level overrides the server key configured at the global level.
-
nas-identifier value : Specify the dynamic authorization specific NAS-Identifier value. value must be an alphanumeric string of 1 to 64 characters.
If this keyword is configured, it is validated against the value received in DM request. If this keyword is not configured, the input value is silently ignored. That is, the DM requests from unlisted or unauthenticated clients are silently discarded.
-
secret shared_secret : Specify the global shared secret key of the server.