Great, thanks for that. I found this document that explains everything. I'll post the blurb here:
Configuring an RFC-3576 RADIUS Server
You can configure a RADIUS server to send user disconnect, change-of-authorization (CoA), and session timeout messages as described in RFC 3576, “Dynamic Authorization Extensions to Remote Dial In User Service (RADIUS)”.
The disconnect and change-of-authorization messages sent from the server to the controller contains information to identify the user for which the message is sent. The controller supports the following attributes for identifying the users who authenticate with a RFC 3576 server:
| | user-name: Name of the user to be authenticated |
| | framed-ip-address: User’s IP address |
| | calling-station-id: Phone number of a station that originated a call |
| | accounting-session-id: Unique accounting ID for the user session. |
If the authentication server sends both supported and unsupported attributes to the controller, the unknown or unsupported attributes are ignored. If no matching user is found the controller sends a 503: Session Not Found error message back to the RFC 3576 server.