Administrator Guide
Table 102. Error-cause Values (continued)
Serial
Number
Error-cause Scenarios
5 Session Context Not
Found(503)
● CoA or DM request containing session identification attributes that does not
match any of the NAS user sessions.
6 Resource Unavailable(506)
● Internal CoA or DM message processing errors.
7 Missing Attribute(402)
● CoA or DM request without Vendor-specific attribute or invalid Vendor-
specific attribute.
● CoA with re-authenticate or terminate request not containing calling-station-
id or NAS-Port attribute.
● CoA with disable-port or bounce-port request not containing NAS-Port
attribute.
● DM request not containing user-name attribute.
CoA Packet Processing
This section lists various actions that the NAS performs during CoA packet processing.
The following activities are performed by NAS:
● responds with CoA-Nak, if no matching session is found for the session identification attributes in CoA; Error-Cause value is
“Session Context Not Found” (503).
● responds with CoA-Nak, for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).
● ignores attributes that are supported as per RFC but irrelevant to the CoA operations.
● responds to a CoA-Request containing one or more incorrect attribute values with a CoA-Nak; Error-Cause value is “Invalid
Attribute Value” (407).
NOTE:
The Invalid Attribute Value Error-Cause is applicable to following scenarios:
○ if the CoA request contains incorrect Vendor-Specific attribute value.
○ if the CoA request contains incorrect NAS-port or calling-station-id values.
● rejects the CoA-Request containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match the NAS with a
CoA-Nak; Error-Cause value is “NAS Identification Mismatch” (403).
● responds with a CoA-Nak, if it is configured to prohibit honoring of corresponding CoA-Request messages; Error-Cause
value is “Administratively Prohibited” (501).
NOTE:
The Administratively Prohibited Error-Cause is also applicable to following scenarios:
○ if the dot1x feature is not enabled in the NAS-port.
○ if the NAS-port state is administratively down.
CoA or DM Discard
This section lists various actions that the NAS performs during CoA or DM discard.
The following activities are performed by NAS:
● discards the packet, if dynamic authorization feature is not enabled in NAS.
● discards the packet, if the configured shared key entry is not found for the source IP address of the packet.
● discards the packet with invalid code field. NAS supports the following radius codes.
○ Disconnect-Request (40)
○ CoA-Request (43)
● discards the duplicate packets, if NAS is currently processing the original packet. NAS identifies the duplicate packet with
the following fields:
○ Source IP address
Security
863