Radius COA functionality on Zyxel AP
Based on the need of user @mikebutash , we would like to propose the implementation of Radius COA functionality on Zyxel AP. This topic was raised in the following discussion:
Radius COA functionality to deauth clients immediately? — Zyxel Community
If anyone likes this idea, please feel free to leave a comment or click vote.
Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!
Comments
-
Hi,
This would be a great addition to the current functionality to allow useful NAC implementations.
Could I also suggest that support for CoA not be limited to terminating sessions, but to also allow forcing EAP reauthentication and/or changing attributes?
Specifically, for the first scenario, a CoA request can get the authenticator (the AP/switch) to send an EAP request to the supplicant (the 802.1X client) to reauthenticate. This could also serve as the means to deassociate the client, if the subsequent EAP authentication fails.
As far as the second scenario goes, the CoA request could, for example, include a Tunnel-Private-Group-ID AVP to change the VLAN assignment of the client.
What do you think of these suggestions?
Thanks,
Luci
0 -
Hello Luci,
Thank you for sharing your insightful suggestions regarding the implementation of Radius CoA functionality on Zyxel AP. Your ideas about integrating EAP Reauthentication and VLAN Assignment with CoA are indeed innovative and valuable.
While I understand the potential benefits of these features, I regret to inform you that, as of this writing, Radius CoA is not currently planned to be included in our roadmap.
However, I want to assure you that your feedback is essential to us, and we will keep it in consideration for future developments. In the meantime, you may explore the below parameters of Nebula AP to see if the RADIUS packet from your radius server includes the necessary attributes to achieve your goals of managing client connections.
- Service-Type: service type
- Framed-IP-Address: station’s IP address
- User-Name: user name
- Calling-Station-Id: station’s MAC address
Your engagement with our community and your willingness to contribute ideas are highly appreciated.
Zyxel Nami
0
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight