Users Guide

Security Commands 933

If the session cannot be located, the device returns a Disconnect-NAK

message with the “Session Context Not Found” error-code attribute. If the

session is located, the device terminates the session. After the session has

been completely removed, the device returns a Disconnect-ACK message.

The attributes returned within a CoA ACK can vary based on the CoA

Request.

The administrator can configure whether all or any of the session attributes

are used to identify a client session. If all is configured, all session

identification attributes included in the CoA Disconnect-Request must

match a session or the device returns a Disconnect-NAK or CoA-NAK with

the “Invalid Attribute Value” error-code attribute.

Dell EMC Networking supports the following attributes in responses:

• User-Name (IETF attribute #1)

• State (IETF attribute #24)

• Calling-Station-ID (IETF attribute #31)

• Acct-Session-ID (IETF attribute #44)

• Message-Authenticator (IETF attribute #80)

• Error-Cause (IETF attribute #101)

A CoA NAK message is not sent for all CoA requests with a key mismatch.

The message is sent only for the first three requests for a client. After that, all

the packets from that client are dropped. When there is a key mismatch, the

response authenticator sent with the CoA NAK message is calculated from a

dummy key value.

The Dell EMC Networking switch starts listening to the client again based on

reauthentication timer.

Refer to the RADIUS Change of Authorization section in the Users

Configuration Guide for examples of configuring RADIUS CoA.

Commands in this Section

This section explains the following commands:

acct-port primary radius server source-ip