Radius COA functionality on Zyxel AP

Zyxel_Judy
Zyxel_Judy Posts: 1,584  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
edited July 2 in Wireless Ideas

Based on the need of user @mikebutash , we would like to propose the implementation of Radius COA functionality on Zyxel AP. This topic was raised in the following discussion:   

Radius COA functionality to deauth clients immediately? — Zyxel Community

If anyone likes this idea, please feel free to leave a comment or click vote.   

Untitled Image

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

https://bit.ly/2024_Survey_Community

4
Up Down
4 votes

Active · Last Updated

Comments

  • luci_stanescu
    luci_stanescu Posts: 1
    First Comment

    Hi,

    This would be a great addition to the current functionality to allow useful NAC implementations.

    Could I also suggest that support for CoA not be limited to terminating sessions, but to also allow forcing EAP reauthentication and/or changing attributes?

    Specifically, for the first scenario, a CoA request can get the authenticator (the AP/switch) to send an EAP request to the supplicant (the 802.1X client) to reauthenticate. This could also serve as the means to deassociate the client, if the subsequent EAP authentication fails.

    As far as the second scenario goes, the CoA request could, for example, include a Tunnel-Private-Group-ID AVP to change the VLAN assignment of the client.

    What do you think of these suggestions?

    Thanks,

    Luci

  • Zyxel_Nami
    Zyxel_Nami Posts: 656  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hello Luci,

    Thank you for sharing your insightful suggestions regarding the implementation of Radius CoA functionality on Zyxel AP. Your ideas about integrating EAP Reauthentication and VLAN Assignment with CoA are indeed innovative and valuable.

    While I understand the potential benefits of these features, I regret to inform you that, as of this writing, Radius CoA is not currently planned to be included in our roadmap.

    However, I want to assure you that your feedback is essential to us, and we will keep it in consideration for future developments. In the meantime, you may explore the below parameters of Nebula AP to see if the RADIUS packet from your radius server includes the necessary attributes to achieve your goals of managing client connections.

    • Service-Type: service type
    • Framed-IP-Address: station’s IP address
    • User-Name: user name
    • Calling-Station-Id: station’s MAC address

    Your engagement with our community and your willingness to contribute ideas are highly appreciated.

    241015_Speak-up,-Win-WiFi-7_Community-CSO-signature_1920x200.jpg

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

    Nami

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)