Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

751

752

753

754

755

756

757

758

759

760

CoA or DM Discard

This section lists various actions that the NAS performs during CoA or DM discard.

The following activities are performed by NAS:

• discards the packet, if dynamic authorization feature is not enabled in NAS.

• discards the packet, if the congured shared key entry is not found for the source IP address of the packet.

• discards the packet with invalid code eld. NAS supports the following radius codes.

– Disconnect-Request (40)

– CoA-Request (43)

• discards the duplicate packets, if NAS is currently processing the original packet. NAS identies the duplicate packet with the following

elds:

– Source IP address

– Source UDP port

– Identier

– VRF ID

• discards the packets, if length of the packet is shorter than the length eld value.

• discards the packets, if length of the packet is shorter than 20 or longer than 4096.

• discards the packets, if request authenticator does not match the calculated MD5 checksum. NAS calculates the MD5 hash using

following elds from the request:

– Code

– Identier

– Length

– 16 Zero Octets

– Request Attributes

– Shared secret (based on the source IP address of the packet)

• discards the packets, if the message-authenticator received in the request is invalid. The message-authenticator is calculated using the

following elds:

– Code Type

– Identier

– Length

– Request Authenticator

– Attributes

Disconnect Message Processing

This section lists various actions that the NAS performs during DM processing.

The following activities are performed by NAS:

• responds with DM-Nak, if no matching session is found in NAS for the session identication attributes in DM; Error-Cause value is

“Session Context Not Found” (503).

• responds with DM-Nak for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).

• ignores attributes that are supported as per RFC but are irrelevant to the DM operation.

• responds to a disconnect message containing one or more incorrect attributes values with a Disconnect-NAK; Error-Cause value is

“Invalid Attribute Value” (407).

• responds to a disconnect message containing unsupported attributes with DM-Nak; Error-Cause value is “Unsupported Attributes”

(401).

Security

759