Concept Guide
Serial
Number
Error-cause Scenarios
• DM requests containing attributes other than NAS/Session identication attributes.
2 Invalid Attribute Value(407)
• CoA or DM request containing the incorrect NAS-Port, calling-station-id, and
Vendor-Specic attribute values.
3 NAS Identication
Mismatch(403)
• CoA request containing NAS-IP-Address or NAS-IPV6-Address that does not
match NAS.
4 Administratively Prohibited(501)
• NAS is congured to ignore the CoA or DM request. Also, dot1x is not congured on
the NAS-Port.
5 Session Context Not
Found(503)
• CoA or DM request containing session identication attributes that does not match
any of the NAS user sessions.
6 Resource Unavailable(506)
• Internal CoA or DM message processing errors.
7 Missing Attribute(402)
• CoA or DM request without Vendor-specic attribute or invalid Vendor-specic
attribute.
• CoA with re-authenticate or terminate request not containing calling-station-id or
NAS-Port attribute.
• CoA with disable-port or bounce-port request not containing NAS-Port attribute.
• DM request not containing user-name attribute.
CoA Packet Processing
This section lists various actions that the NAS performs during CoA packet processing.
The following activities are performed by NAS:
• responds with CoA-Nak, if no matching session is found for the session identication attributes in CoA; Error-Cause value is “Session
Context Not Found” (503).
• responds with CoA-Nak, for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).
• ignores attributes that are supported as per RFC but irrelevant to the CoA operations.
• responds to a CoA-Request containing one or more incorrect attribute values with a CoA-Nak; Error-Cause value is “Invalid Attribute
Value” (407).
NOTE
:
The Invalid Attribute Value Error-Cause is applicable to following scenarios:
– if the CoA request contains incorrect Vendor-Specic attribute value.
– if the CoA request contains incorrect NAS-port or calling-station-id values.
• rejects the CoA-Request containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match the NAS with a CoA-Nak;
Error-Cause value is “NAS Identication Mismatch” (403).
• responds with a CoA-Nak, if it is congured to prohibit honoring of corresponding CoA-Request messages; Error-Cause value is
“Administratively Prohibited” (501).
NOTE
:
The Administratively Prohibited Error-Cause is also applicable to following scenarios:
– if the dot1x feature is not enabled in the NAS-port.
– if the NAS-port state is administratively down.
Security 763