Users Guide

Table Of Contents
Authentication, Authorization, and Accounting 345
42 – Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, a CoA Disconnect-Request termination causes
reinitialization of the authenticator state machine for the specified host.
A CoA bounce host port request disables the port for 10 seconds. The bounce
host port is requested using the proprietary AVPair
. The switch may be configured to ignore bounce host port
requests using the authentication command bounce-port ignore command.
A CoA disable host port request disables the port. The operator must re-
enable the port via the UI or configure errdisable recovery for the authmgr
cause. The disable host port is requested using the proprietary AVPair
. The switch may be configured to
ignore disable host port requests using the authentication command disable-
port ignore command.
The CoA re-authenticate request re-authenticates the identified session. If
the session is unable to successfully authenticate, it is terminated. The re-
authenticate session action is requested using the proprietary AVPair
Any authentication host mode can be configured for 802.1X sessions in
conjunction with CoA. If the session cannot be located, the device returns a
Disconnect-NAK message with the
Session Context Not Found
attribute. If the session is located, the device performs the requested action
on the interface or 802.1X session. After the action has been performed, the
device returns a Disconnect-ACK message. The attributes returned within a
CoA ACK can vary based on the CoA Request.
The administrator can configure whether all or any of the session attributes
are used to identify a client session. If all is configured, all session
identification attributes included in the CoA-Request/Disconnect-Request
must match a session or the device returns a Disconnect-NAK or CoA-NAK
with the
Invalid Attribute Value
error-code attribute. All attributes in the
CoA-Request/Disconnect-Request are treated as mandatory attributes,
except Acct-Terminate-Cause. Unsupported attributes generate a
Disconnect-NAK with error-cause Unsupported Service.
Dell EMC Networking N-Series switches support the following attributes in
User-Name (IETF attribute #1)