We are developing an ISG RADIUS CoA client.
Our settings are:
* Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(31)SB6, RELEASE SOFTWARE (fc1)
* Here is a snippet of our configuration for CoA:

    aaa server radius dynamic-author
     client 192.168.1.223 server-key xxx

The issue is that we are not able to implement the "Account Logon" procedure based on the Cisco documentation (ISG Radius Interface, http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sb/cg/isg_lib/isg_ig/isgcoa3.htm#wp1100384). We are not clear about the section below from this document:
"Since a CoA Account Logon request usually requires the inclusion of an encrypted password attribute, this password must be sent as Cisco VSA 249, which contains a separate authenticator for the user password (called initiator vector) followed by the encrypted user password, as detailed in Figure 6.
The initiator vector is a 16-octet pseudo-random number uniquely generated for each attribute. The encrypted value field is 16 or more octets containing data that is length-prefixed and zero padded to an even multiple of 16 octets."
We do not understand what procedure should be used for creating the encrypted password/value.
Can someone provide us with more information on this, with details on how to fill out the subscriber-password field? An example would be especially helpful.
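
An added example, not part of the original post or of Cisco's documentation: it builds the VSA 249 layout quoted above (a 16-octet initiator vector followed by a length-prefixed, zero-padded value) and parses it back. The cipher step is an assumption that the quoted text does not confirm, namely RFC 2865 section 5.2 style MD5 chaining keyed with the CoA shared secret and seeded with the initiator vector; the function names are hypothetical.

```python
import hashlib
import os
import struct

CISCO_VENDOR_ID = 9          # Cisco's IANA enterprise number
SUBSCRIBER_PASSWORD = 249    # VSA sub-type named in the quoted documentation
BLOCK = 16

def _md5_chain(data, secret, iv, decrypt=False):
    # ASSUMPTION: keystream block = MD5(secret + previous ciphertext block),
    # with the initiator vector standing in for the first "previous block".
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        pad = hashlib.md5(secret + prev).digest()
        x = bytes(a ^ b for a, b in zip(chunk, pad))
        out += x
        prev = chunk if decrypt else x   # always chain on the ciphertext
    return out

def encode_subscriber_password(password, secret, iv=None):
    """Return the complete Vendor-Specific (type 26) attribute as bytes."""
    iv = os.urandom(BLOCK) if iv is None else iv   # fresh IV per attribute
    if len(iv) != BLOCK or len(password) > 223:    # must fit in 255 octets
        raise ValueError("bad IV length or password too long")
    plain = bytes([len(password)]) + password      # length prefix
    plain += b"\x00" * (-len(plain) % BLOCK)       # zero pad to 16n octets
    value = iv + _md5_chain(plain, secret, iv)
    vsa = struct.pack("!BB", SUBSCRIBER_PASSWORD, len(value) + 2) + value
    return struct.pack("!BBI", 26, len(vsa) + 6, CISCO_VENDOR_ID) + vsa

def decode_subscriber_password(attr, secret):
    """Inverse of the encoder; validates every length field and the padding."""
    if len(attr) < 40 or (len(attr) - 24) % BLOCK:
        raise ValueError("attribute has an impossible length")
    a_type, a_len, vendor, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if (a_type, vendor, v_type) != (26, CISCO_VENDOR_ID, SUBSCRIBER_PASSWORD):
        raise ValueError("not a Cisco VSA 249 attribute")
    if a_len != len(attr) or v_len != a_len - 6:
        raise ValueError("inconsistent length fields")
    iv, enc = attr[8:24], attr[24:]
    plain = _md5_chain(enc, secret, iv, decrypt=True)
    n = plain[0]
    if n > len(plain) - 1 or any(plain[1 + n:]):
        raise ValueError("bad length prefix or non-zero padding")
    return plain[1:1 + n]
```

The `secret` argument corresponds to the `server-key` value configured for the client under `aaa server radius dynamic-author`.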