CoA: RADIUS authentication

radius

Could anyone explain RADIUS CoA in layman's language?
I know only one feature, where RADIUS assigns the VLAN.
Appreciate your time on this.

Best Answer

Originally, with RADIUS AAA, a client would authenticate and be granted access/authority via a policy. However, if during this session the endpoints were to experience some changes that affected authorization, there was no way to reauthenticate/re-apply policy/change policy without disconnection.

The outcome ended up being that a client would be disconnected and then have to reconnect to receive an altered AAA policy/profile.

Thus, with CoA, changes can be made to authorization within a current AAA session. Using your VLAN example: a client could authenticate and be placed in a walled garden VLAN. Once NAC or some other system determines the device to be clean, a CoA can be sent to the network device, which triggers a VLAN change for the client to an unrestricted VLAN.

I was largely exposed to CoA at my previous job for an ISP. CoA was used to trigger shaping QoS policies in-flight for users that had breached their download quota limit. This meant no disconnections for users just to apply a new QoS policy to their virtual interface.

HTH.
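
The VLAN move described in the answer, as an added example that is not part of the original post: it builds an RFC 5176 CoA-Request (code 43) and shows the check a network device should make before acting on it, namely that the authenticator matches the shared secret. The user name, VLAN number, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43  # RFC 5176 packet code for CoA-Request

def build_coa_request(ident, attrs, secret):
    """Sender side (RADIUS/NAC server): encode attributes and sign the packet."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body))
    # Authenticator = MD5(header + 16 zero octets + attributes + shared secret)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def verify_coa_request(packet, secret):
    """NAS side: return [(type, value), ...] if the packet is authentic, else None."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        return None
    packet = packet[:length]  # octets past Length are padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong secret or modified in transit: drop the request
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            return None
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None  # malformed attribute
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

# Constructed sample: move user "alice" to VLAN 20 mid-session.
SECRET = b"constructed-shared-secret"
VLAN_CHANGE = [
    (1, b"alice"),               # User-Name, identifies the session
    (64, b"\x00\x00\x00\x0d"),   # Tunnel-Type = VLAN (13), tag 0
    (65, b"\x00\x00\x00\x06"),   # Tunnel-Medium-Type = IEEE-802 (6), tag 0
    (81, b"20"),                 # Tunnel-Private-Group-ID = VLAN 20
]

if __name__ == "__main__":
    pkt = build_coa_request(7, VLAN_CHANGE, SECRET)
    print(verify_coa_request(pkt, SECRET))
    print(verify_coa_request(pkt[:-2] + b"99", SECRET))  # tampered VLAN
```

Because a CoA-Request changes a live session without the client reconnecting, the device should also accept it only from source addresses configured as dynamic authorization clients.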