Is RADIUS CoA/DM Dynamic authorization supported on the cnPilot access points?

Yes, the cnPilot E series of access points do support RFC5176 (was earlier RFC3576) based Dynamic Authorization extensions to RADIUS. These can be used by a RADIUS server to send either a Disconnect-Message causing the client to be disconnected from the AP, or to send a Change-Of-Authorization message to update the session time of a client.

Both these features are useful in a public wifi network where access is controlled by a RADIUS server.

Disconnect-Message can be used by the RADIUS server to force a client that due to policy reasons is no longer meant to be authorized on the network, to be disconnected and to attempt to login again. If the client remains out of policy the authentication would now fail. This way a RADIUS server can essentially revoke a prior authentication.

Change of Authorization can be used to update some parameter of the client's connection. cnPilot access points support changing the session timeout of teh client. This can be useful in scenarios such as paid wifi access where a user might have had 60 minutes of free access, but has purchased a longer session time during that period. The client will now have its session seamless extended to the new session time.

To enable dynamic authorization check the 'Dynamic Auth' checkbox in the WLAN configuration page of the GUI:

1 Like

Here is the list of attributes which our AP expects in a CoA or Disconnect Request .

User name

User password

Calling Station ID


Shared Secret

Please note thet by default we listen on default 3799 port.

1 Like