Cisco CCNA (640-553) Security Training
Using the “aaa pod server” command
By Charles Ross CCNA - CCNP #CSCO10444244
In today’s article, I’m going to quickly inform you about the Cisco IOS global configuration mode command named “aaa pod server”.
Network administrators (like you) use the “aaa pod server” command to enable inbound user sessions to be disconnected when specific session attributes are presented.
Another way of saying it is: CCNAs use the command to disconnect a session. (For a session to be disconnected, the values in one or more of the key fields in the POD request must match the values for a session on one of the network access server ports.)
You can use the aaa pod server command along with the “auth-type” keyword to indicate which values must match.
Below is the command’s syntax:
aaa pod server [port port number] [auth-type {any | all | session-key}] server-key [encryption-type] string
port port number – This (optional) keyword and argument is used to indicate the network access server User Datagram Protocol (UDP) port to use for packet of disconnect (POD) requests. The default value is 1700.
auth-type – This (optional) keyword is used to indicate the type of authorization required for disconnecting sessions. If no authentication type is specified, all is the default.
any – This (optional) keyword means that a session that matches all of the attributes sent in the POD packet is disconnected. The POD packet may contain one or more of four key attributes (user-name, framed-IP-address, session-ID, and session-key).
all – This (optional) keyword means that only a session that matches all four key attributes is disconnected. The default is all.
session-key – This (optional) keyword means that any session with a matching session-key attribute is disconnected. All other attributes are ignored.
server-key – This keyword is used to configure the shared-secret text string.
encryption-type – This (optional) argument is a single-digit number that defines whether the text immediately following is encrypted, and, if so, what type of encryption is used. Currently defined encryption types are 0, which means that the text immediately following is not encrypted, and 7, which means that the text is encrypted using an encryption algorithm defined by Cisco.
string – This argument is a shared-secret text string that is shared between the network access server and the client workstation. This shared-secret string must be the same on both systems.
Below is an example of the command being used:
Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa pod server server-key ittechtips
Router(config)#exit
Router#copy run start
In the example above, POD is being enabled and the secret key is being set to “ittechtips”.
And, just like most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:
Router(config)#no aaa pod server
By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.1(3)T or higher.
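The defaults and the three auth-type matching rules described above can be modelled in a few lines of Python. This is an added example, not Cisco IOS code or code from the original article; the function names and the sample sessions are constructed, and it assumes that “all” requires the POD request to carry all four key attributes and that a request with no key attributes matches nothing.

```python
# Added illustration: models the matching rules described in the article.
# It is not Cisco IOS code; names and sample data are constructed.
KEY_ATTRS = ("user-name", "framed-ip-address", "session-id", "session-key")

def parse_pod_config(line):
    """Parse an 'aaa pod server' line, filling in the documented defaults."""
    tok = line.split()
    if tok[:3] != ["aaa", "pod", "server"] or "server-key" not in tok:
        raise ValueError("not a complete 'aaa pod server' line")
    cfg = {"port": 1700, "auth_type": "all", "encryption_type": None}
    k = tok.index("server-key")
    opts, key = tok[3:k], tok[k + 1:]
    while opts:
        name, value, opts = opts[0], opts[1:2], opts[2:]
        if name == "port" and value and value[0].isdigit():
            cfg["port"] = int(value[0])
        elif name == "auth-type" and value and value[0] in ("any", "all", "session-key"):
            cfg["auth_type"] = value[0]
        else:
            raise ValueError(f"unexpected option: {name}")
    if len(key) == 2 and key[0] in ("0", "7"):
        cfg["encryption_type"] = int(key[0])
    elif len(key) != 1:
        raise ValueError("expected: server-key [encryption-type] string")
    cfg["key"] = key[-1]
    return cfg

def pod_matches(auth_type, pod, session):
    """True if a POD request selects this session under the given auth-type."""
    sent = {a: v for a, v in pod.items() if a in KEY_ATTRS}
    if auth_type == "session-key":   # only session-key is compared
        return "session-key" in sent and sent["session-key"] == session.get("session-key")
    if auth_type == "all":           # all four attributes must be sent and match
        return all(a in sent and sent[a] == session.get(a) for a in KEY_ATTRS)
    if auth_type == "any":           # every attribute that was sent must match
        return bool(sent) and all(session.get(a) == v for a, v in sent.items())
    raise ValueError(f"unknown auth-type: {auth_type}")

# Constructed sample sessions on a network access server.
SESSIONS = [
    {"user-name": "alice", "framed-ip-address": "10.0.0.5", "session-id": "0000001A", "session-key": "k-111"},
    {"user-name": "alice", "framed-ip-address": "10.0.0.9", "session-id": "0000001B", "session-key": "k-222"},
]

def disconnected(config_line, pod):
    """Session-IDs that a POD request would disconnect under config_line."""
    auth = parse_pod_config(config_line)["auth_type"]
    return [s["session-id"] for s in SESSIONS if pod_matches(auth, pod, s)]
```

With auth-type any, a request carrying only a user-name selects every session for that user, while the default (all) selects nothing unless all four attributes are sent and match.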
I hope this article was very informative and helped you quickly understand the usage of the aaa pod server command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
Charles Ross
CCNA- CCNP #CSCO10444244