Hi,
You only need to define the COA client with the secret under radius-server stanza. The rest of configuration for AAA can stay the same.
Sample config:
radius-server {
/* Radius AAA */
192.168.0.11 {
secret "$9$O5jLRyKXxdsYoX7wg4aHktu01cyKM8"; ## SECRET-DATA
source-address 172.16.2.1;
}
/* RADIUS COA Only */
192.168.1.58 {
secret "$9$IaXceWN-wg4ZNd2aJG.m0B1EreWLx"; ## SECRET-DATA
source-address 192.168.1.108;
}
}
profile RADIUS {
accounting-order radius;
authentication-order radius;
radius {
authentication-server 192.168.0.11;
accounting-server 192.168.0.11;
}
}
Example of COA:
$ echo "User-name=user@test.net,NAS-IP-Address=172.16.2.1,Acct-Session-Id=171,Framed-Route='10.10.10.10/32 0.0.0.0'" | /usr/bin/radclient -x 192.168.1.108:3799 coa test123
Sending CoA-Request of id 202 to 192.168.1.108 port 3799
User-Name = "user@test.net"
NAS-IP-Address = 172.16.2.1
Acct-Session-Id = "171"
Framed-Route = "10.10.10.10/32 0.0.0.0"
rad_recv: CoA-ACK packet from host 192.168.1.108 port 3799, id=202, length=20
Hope this helps.
Ashvin