Force client re-authorization

Authenticated clients will be forced to perform re-authentication during the authentication session using the Session-Timeout attribute in RADIUS CoA. When the authenticator switch (acting as NAS for wired clients) receives RADIUS CoA with Session-Timeout value set to 'x' seconds; client re-authentication for specified client is triggered, after 'x' seconds.

Mandatory RADIUS CoA attributes to force client re-authentication

User-Name = '00:50:56:bd:39:55',
NAS-Port-Id = '3',
NAS-IP-Address =,
Calling-Station-Id = '00-50-56-bd-39-55',
Session-Timeout = 2
Termination-Action = RADIUS_REQ (1)

Attributes such as User-Name, NAS-Port-Id, NAS-IP-Address and Calling-Station-Id are used to uniquely identify client's authentication session in NAS.