Setup Guide
Disconnect Message Processing
This section lists various actions that the NAS performs during DM processing.
The following activities are performed by NAS:
• responds with DM-Nak, if no matching session is found in NAS for the session identication attributes in DM; Error-Cause value is
“Session Context Not Found” (503).
• responds with DM-Nak for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).
• ignores attributes that are supported as per RFC but are irrelevant to the DM operation.
• responds to a disconnect message containing one or more incorrect attributes values with a Disconnect-NAK; Error-Cause value is
“Invalid Attribute Value” (407).
• responds to a disconnect message containing unsupported attributes with DM-Nak; Error-Cause value is “Unsupported Attributes”
(401).
NOTE: Unsupported attributes are the ones that are not mentioned in the RFC 5176 but present in the disconnect
message that is received by the NAS.
• rejects the disconnect message containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match NAS with DM-Nak;
Error-Cause value is “NAS Identication Mismatch” (403).
• responds with a DM-Nak, if the NAS is congured to prohibit honoring of disconnect messages; Error-Cause value is “Administratively
Prohibited” (501).
Conguring DAC
You can congure trusted dynamic authorization clients (DACs).
This setting enables you to congure more than one DAC. Duplicate congurations are not allowed.
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure DAC:
client host-name
Dell(conf-dynamic-auth#)client testhost
Conguring the port number
You can congure the port number on which the NAS receives CoA or DM requests.
This setting enables you to specify an optional port number on which to receive CoA or DM requests. The default value is 3799.
Enter the following command to congure the port number:
port port-number
The range for the port number value that you can specify is from 1 to 65535.
Dell(conf-dynamic-auth#)port 2000
Conguring shared key
You can congure a global shared key for the dynamic authorization clients (DACs).
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure the global shared key value:
Security
933