Radius COA functionality on Zyxel AP

Options
Zyxel_Judy
Zyxel_Judy Posts: 924  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Based on the need of user @mikebutash , we would like to propose the implementation of Radius COA functionality on Zyxel AP. This topic was raised in the following discussion:   

Radius COA functionality to deauth clients immediately? — Zyxel Community

If anyone likes this idea, please feel free to leave a comment or click vote.   

Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!

4 votes

Active · Last Updated

Comments

  • luci_stanescu
    Options

    Hi,

    This would be a great addition to the current functionality to allow useful NAC implementations.

    Could I also suggest that support for CoA not be limited to terminating sessions, but to also allow forcing EAP reauthentication and/or changing attributes?

    Specifically, for the first scenario, a CoA request can get the authenticator (the AP/switch) to send an EAP request to the supplicant (the 802.1X client) to reauthenticate. This could also serve as the means to deassociate the client, if the subsequent EAP authentication fails.

    As far as the second scenario goes, the CoA request could, for example, include a Tunnel-Private-Group-ID AVP to change the VLAN assignment of the client.

    What do you think of these suggestions?

    Thanks,

    Luci

  • Zyxel_Nami
    Zyxel_Nami Posts: 479  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hello Luci,

    Thank you for sharing your insightful suggestions regarding the implementation of Radius CoA functionality on Zyxel AP. Your ideas about integrating EAP Reauthentication and VLAN Assignment with CoA are indeed innovative and valuable.

    While I understand the potential benefits of these features, I regret to inform you that, as of this writing, Radius CoA is not currently planned to be included in our roadmap.

    However, I want to assure you that your feedback is essential to us, and we will keep it in consideration for future developments. In the meantime, you may explore the below parameters of Nebula AP to see if the RADIUS packet from your radius server includes the necessary attributes to achieve your goals of managing client connections.

    • Service-Type: service type
    • Framed-IP-Address: station’s IP address
    • User-Name: user name
    • Calling-Station-Id: station’s MAC address

    Your engagement with our community and your willingness to contribute ideas are highly appreciated.

    Zyxel Nami