.. _example_interfaces_ethernet_authenticator_coa_coa:

###
Coa
###


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

This scenario shows how to enable CoA (Change of
Authorization) in a device with 802.1x/MAB authentication.

.. image:: coa.svg
  :width: 400

*******************************
Test CoA Disconnect 802.1x Peer
*******************************

Description
===========

In this scenario, three parties are actively involved:
an authenticator (DUT0), a supplicant (DUT1), and an
authentication server (DUT2). Once the authentication is
successfully performed, DUT2 sends a CoA/Disconnect
message to terminate the active session.

Scenario
========

.. include:: coa/testcoadisconnect802.1xpeer

.. raw:: html

  <hr>

****************************
Test CoA Disconnect MAB Peer
****************************

Description
===========

Similar to the 802.1x peer scenario, but with MAB
authentication.

Scenario
========

.. include:: coa/testcoadisconnectmabpeer

.. raw:: html

  <hr>

***************************************
Test CoA Disconnect Unauthorized Client
***************************************

Description
===========

In this scenario, the DUT2 IP is not allowed in a DUT0 CoA
configuration. The request is, therefore, rejected.

Scenario
========

.. include:: coa/testcoadisconnectunauthorizedclient

.. raw:: html

  <hr>

**********************************
Test CoA Disconnect Wrong Username
**********************************

Description
===========

In this scenario, DUT2 sends a CoA request to DUT0 using
the wrong username. DUT0 rejects the request.

Scenario
========

.. include:: coa/testcoadisconnectwrongusername

.. raw:: html

  <hr>

********************************
Test CoA Disconnect Wrong Secret
********************************

Description
===========

In this scenario, DUT2 uses a wrong secret to send a CoA
request to DUT0. The request is, therefore, rejected.

Scenario
========

.. include:: coa/testcoadisconnectwrongsecret

.. raw:: html

  <hr>