Viptela is now part of Cisco.

das

vpn interface dot1x das—Configure dynamic authorization service (DAS) parameters for use with IEEE 802.1X authentication so that the router can accept change of authentication (CoA) requests from a RADIUS server (on vEdge routers only).

In DAS terminology, the vEdge router (the NAS) is the server and the RADIUS server (or other authentication server) is the client.

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface Ethernet

Command Hierarchy

vpn vpn-id
  interface interface-name
    dot1x
      das
        client ip-address
        port port-number
        require-timestamp
        secret-key password
        time-window seconds
        vpn vpn-id

Options

Password
secret-key password
Password that the RADIUS or other authentication server uses to access the vEdge router 802.1X interface.
Port Number
port port-number
UDP port number for the vEdge router to use to listen for CoA requests from the RADIUS server. If you configure DAS on multiple 802.1X interfaces on a vEdge router, you must configure each interface to use a different UDP port.
Range: 1 through 65535
Default: 3799
RADIUS Server IP Address
client ip-address
IP address of the RADIUS authentication server or other authentication server from which to accept CoA requests.
Timestamps
require-timestamp
Require the DAS client (which is the RADIUS or other authentication server) to include an event timestamp in all CoA messages. When timestamps are required, both the vEdge router and the RADIUS server check that the timestamp in the CoA request is current and within a specific time window (the default time window is 5 minutes). If it is not, the CoA request is discarded. Also, when timestamps are required, a CoA received without a timestamp is discarded immediately. By default, timestamps are not required.
Time Window
time-window seconds
How long a CoA request is valid. The time window is applied to CoA requests only if you have configured require-timestamp. When you configure timestamps, both the vEdge router and the RADIUS server check that the timestamp in the CoA request is within the time window. If the timestamp is outside this window, the CoA request is discarded.
Range: 0 through 1000 seconds
Default: 300 seconds (5 minutes)
VPN
vpn vpn-id
VPN through which the RADIUS or other authentication server is reachable.

Example

Configure DAS with a network RADIUS server to allow the vEdge router to accept CoA requests from that server. This configuration requires timestamps in the CoA requests and extends the valid CoA window to 10 minutes.

vEdge(config-das)# show full-configuration 
vpn 0
 interface ge0/2
  dot1x
   das
    time-window       600
    require-timestamp
    client            10.1.15.150
    secret-key        $4$L3rwZmsIic8zj4BgLEFXKw==
   !
  !
 !
!
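
The checks that secret-key, require-timestamp and time-window describe, sketched in Python as an added example (not Viptela or Cisco code): it verifies the CoA-Request authenticator defined in RFC 5176 against the shared secret, then applies the Event-Timestamp rules with the 600-second window from the configuration above. The function names, the sample secret and packets, and the symmetric treatment of the window are assumptions.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43       # RADIUS code for CoA-Request (RFC 5176)
EVENT_TIMESTAMP = 55   # Event-Timestamp attribute: 4-byte seconds since epoch

def build_coa(secret, ident, attrs):
    """Build a constructed CoA-Request for the demo (not captured traffic)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def check_coa(packet, secret, now, require_timestamp=True, time_window=300):
    """Return (accepted, reason) for one received CoA-Request datagram."""
    if len(packet) < 20:
        return False, "short packet"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        return False, "not a well-formed CoA-Request"
    body = packet[20:length]
    # Authenticator = MD5(code, id, length, 16 zero octets, attributes, secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad authenticator"
    timestamp, i = None, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return False, "malformed attribute"
        if body[i] == EVENT_TIMESTAMP and body[i + 1] == 6:
            timestamp = struct.unpack("!I", body[i + 2:i + 6])[0]
        i += body[i + 1]
    if not require_timestamp:
        return True, "accepted"          # time-window is ignored in this mode
    if timestamp is None:
        return False, "timestamp missing"
    if abs(now - timestamp) > time_window:   # assumption: window is symmetric
        return False, "timestamp outside window"
    return True, "accepted"

if __name__ == "__main__":
    secret, now = b"constructed-secret", 1_700_000_000   # constructed values
    user = (1, b"alice")                                  # User-Name attribute
    for age in (30, 900):
        ts = (EVENT_TIMESTAMP, struct.pack("!I", now - age))
        print(age, check_coa(build_coa(secret, 7, [user, ts]), secret, now, True, 600))
    print("none", check_coa(build_coa(secret, 8, [user]), secret, now, True, 600))
```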

Release Information

Command introduced in Viptela Software Release 16.3.

Additional Information

radius
