
CoA change of authorization RFC 3576 on Cisco WLC5508

posted Apr 14, 2014, 9:20 AM by Daniele Albrizio
On the WLC web interface, select Security -> AAA -> Radius -> Authentication.
For each server, enable RFC 3576 Support.

You can now use the following simple script to do the job:

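#!/bin/sh
# Usage: pass the user name to disconnect as the first argument.
# Sends a RADIUS Disconnect-Request (code 40) for that user to the WLC.
IP="<ip address of wlc>"
PORT="<usually 3799>"
SECRET="<Radius shared secret>"
NAME="<name of wlc, used only in the messages below>"
RESULT=`echo "User-Name = $1" | radclient "$IP:$PORT" 40 "$SECRET"`
echo "$RESULT"
# code 42 = Disconnect-NAK
if echo "$RESULT" | grep "code 42" >/dev/null; then
  echo "User $1 NOT CONNECTED on $NAME."
fi
# code 41 = Disconnect-ACK
if echo "$RESULT" | grep "code 41" >/dev/null; then
  echo "User $1 SUCCESSFULLY DISCONNECTED from $NAME."
fi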

Please pay attention to the RADIUS SECRET, since the WLC silently discards unauthenticated packets, making you mad!
To debug it, run the show radius rfc3576 statistics command on the WLC CLI and look for "Bad Authenticator Requests".
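Why a wrong secret produces silence rather than an error: the receiver recomputes the Request Authenticator (MD5 over the packet with a zeroed authenticator field, followed by the shared secret) and drops the packet on mismatch. The Python sketch below is an added example, not part of the original post and not Cisco's code; the function names, user name and secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40   # RFC 3576 packet code, the "40" passed to radclient
USER_NAME = 1             # RADIUS attribute type for User-Name
HEADER_LEN = 20           # code(1) + id(1) + length(2) + authenticator(16)


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(header4: bytes, attrs: bytes, secret: bytes) -> bytes:
    """MD5(code + id + length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(header4 + b"\x00" * 16 + attrs + secret).digest()


def build_disconnect_request(identifier: int, username: str, secret: bytes) -> bytes:
    """Build the packet a client such as radclient sends for a disconnect."""
    attrs = encode_attr(USER_NAME, username.encode())
    header4 = struct.pack("!BBH", DISCONNECT_REQUEST, identifier,
                          HEADER_LEN + len(attrs))
    return header4 + request_authenticator(header4, attrs, secret) + attrs


def authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """Receiver-side check; a False here means the packet is dropped unanswered."""
    if len(packet) < HEADER_LEN:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < HEADER_LEN or length > len(packet):
        return False
    packet = packet[:length]          # ignore any padding after the stated length
    expected = request_authenticator(packet[:4], packet[HEADER_LEN:], secret)
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


if __name__ == "__main__":
    # Constructed sample: the client and the WLC disagree on the secret.
    pkt = build_disconnect_request(7, "alice", b"client-side-secret")
    print("same secret     :", authenticator_ok(pkt, b"client-side-secret"))
    print("different secret:", authenticator_ok(pkt, b"wlc-side-secret"))
```

Each packet that fails this check is what the "Bad Authenticator Requests" counter records, so a rising counter after a test run points at a secret mismatch rather than a network problem.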