Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring RADIUS-Initiated Dynamic Request Support

 

The router uses the list of specified RADIUS authentication servers for both authentication and dynamic request operations. By default, the router monitors UDP port 3799 for dynamic requests, also known as Change of Authorization (CoA) requests.

To configure RADIUS dynamic request support:

  • Specify the IP address of the RADIUS server.

To configure the router to support dynamic requests from more than one RADIUS server:

  • Specify the IP addresses of multiple RADIUS servers.

When you configure dynamic request ports, you must do one of the following:

  • Use the default port for all RADIUS servers at both the global access level and in all access profiles.

  • Configure the same nondefault port for all servers at both the global access level and in all access profiles.

Note

Any other configuration results in a commit check failure. Multiple port numbers—that is, different port numbers for different servers—are not supported.

To specify a global dynamic request port:

To specify the dynamic request port for a specific access profile:

Consider the following scenarios:

  • The following configuration uses the default port for both a server globally and a different server in the access profile. This is a valid configuration.

  • The following configuration specifies nondefault port 50201 for both a server globally and a different server in the access profile. This is a valid configuration.

  • The following configuration specifies port 50201 globally for a server and port 51133 for the same server in the ap1 access profile. This is an invalid configuration and commit check fails, because multiple nondefault ports are not supported.

  • The following configuration uses the default port 3799 for one server globally and port 51133 for another server globally. This is an invalid configuration and the commit check fails, because for all servers you must configure either the default port or the same nondefault port.