Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsOS9

731

732

733

734

735

736

737

738

739

740

Table 85. DM AAA Session(s) disconnect (continued)

Radius Attribute

code

Radius Attribute Description Mandatory

5 NAS-Port Port on which session is terminated No

Authorization Attributes

26 Vendor-Specific t=26(vendor-specific);l=length;vendor-

identification-attribute;Length=value;

Data=”cmd=disconnect-user”

Yes

Error-cause Values

It is possible that a Dynamic Authorization Server cannot honor Disconnect Message request or CoA request packets for some

reason.

The Error-Cause Attribute provides more detail on the cause of the problem. It may be included within CoA-Nak and

Disconnect-Nak packets.

The following table describes various error causes for the CoA and DM requests:

Table 86. Error-cause Values

Serial

Number

Error-cause Scenarios

1 Unsupported Attributes(401)

● CoA or DM request containing one or more unsupported attributes.

● DM requests containing attributes other than NAS/Session identification

attributes.

2 Invalid Attribute Value(407)

● CoA or DM request containing the incorrect NAS-Port, calling-station-id, and

Vendor-Specific attribute values.

3 NAS Identification

Mismatch(403)

● CoA request containing NAS-IP-Address or NAS-IPV6-Address that does not

match NAS.

4 Administratively

Prohibited(501)

● NAS is configured to ignore the CoA or DM request. Also, dot1x is not

configured on the NAS-Port.

5 Session Context Not

Found(503)

● CoA or DM request containing session identification attributes that does not

match any of the NAS user sessions.

6 Resource Unavailable(506)

● Internal CoA or DM message processing errors.

7 Missing Attribute(402)

● CoA or DM request without Vendor-specific attribute or invalid Vendor-

specific attribute.

● CoA with re-authenticate or terminate request not containing calling-station-

id or NAS-Port attribute.

● CoA with disable-port or bounce-port request not containing NAS-Port

attribute.

● DM request not containing user-name attribute.

CoA Packet Processing

This section lists various actions that the NAS performs during CoA packet processing.

The following activities are performed by NAS:

● responds with CoA-Nak, if no matching session is found for the session identification attributes in CoA; Error-Cause value is

“Session Context Not Found” (503).

● responds with CoA-Nak, for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).

● ignores attributes that are supported as per RFC but irrelevant to the CoA operations.

Security

735