Configuring packet of disconnect – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

419

Configuring RADIUS and TACACS+ Servers

Chapter 14

Beginning in privileged EXEC mode, follow these steps to specify RADIUS
authorization for privileged EXEC access and network services:

1. Enter global configuration mode.

configure terminal

2. Configure the access point for user RADIUS authorization for all

network-related service requests.

aaa authorization network radius

3. Configure the access point for user RADIUS authorization to determine if

the user has privileged EXEC access.

The

exec

keyword can return user profile information (such as

autocommand

information).

aaa authorization exec radius

4. Return to privileged EXEC mode.

end

5. Verify your entries.

show running-config

6. (Optional) Save your entries in the configuration file.

copy running-config startup-config

To disable authorization, use the

no aaa authorization

{network | exec}

method1 global configuration command.

Configuring Packet of Disconnect

Packet of Disconnect (PoD) is also known as Disconnect Message. Additional
information on PoD can be found in the Internet Engineering Task Force (IETF)
Internet Standard RFC 3576

Packet of Disconnect consists of a method of terminating a session that has
already been connected. The PoD is a RADIUS Disconnect_Request packet and
is intended to be used in situations where the authenticating agent server wants to
disconnect the user after the session has been accepted by the RADIUS
access_accept packet. This can be needed in at least two situations:

• Detection of fraudulent use, that cannot be performed before accepting

the call.

• Disconnecting hot spot users when their prepaid access time has expired.