Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

811

812

813

814

815

816

817

818

819

820

Table 100. Error-cause Values (continued)

Serial

Number

Error-cause Scenarios

3 NAS Identification

Mismatch(403)

● CoA request containing NAS-IP-Address or NAS-IPV6-Address that does not

match NAS.

4 Administratively

Prohibited(501)

● NAS is configured to ignore the CoA or DM request. Also, dot1x is not

configured on the NAS-Port.

5 Session Context Not

Found(503)

● CoA or DM request containing session identification attributes that does not

match any of the NAS user sessions.

6 Resource Unavailable(506)

● Internal CoA or DM message processing errors.

7 Missing Attribute(402)

● CoA or DM request without Vendor-specific attribute or invalid Vendor-

specific attribute.

● CoA with re-authenticate or terminate request not containing calling-station-

id or NAS-Port attribute.

● CoA with disable-port or bounce-port request not containing NAS-Port

attribute.

● DM request not containing user-name attribute.

CoA Packet Processing

This section lists various actions that the NAS performs during CoA packet processing.

The following activities are performed by NAS:

● responds with CoA-Nak, if no matching session is found for the session identification attributes in CoA; Error-Cause value is

“Session Context Not Found” (503).

● responds with CoA-Nak, for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).

● ignores attributes that are supported as per RFC but irrelevant to the CoA operations.

● responds to a CoA-Request containing one or more incorrect attribute values with a CoA-Nak; Error-Cause value is “Invalid

Attribute Value” (407).

NOTE:

The Invalid Attribute Value Error-Cause is applicable to following scenarios:

○ if the CoA request contains incorrect Vendor-Specific attribute value.

○ if the CoA request contains incorrect NAS-port or calling-station-id values.

● rejects the CoA-Request containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match the NAS with a

CoA-Nak; Error-Cause value is “NAS Identification Mismatch” (403).

● responds with a CoA-Nak, if it is configured to prohibit honoring of corresponding CoA-Request messages; Error-Cause

value is “Administratively Prohibited” (501).

NOTE:

The Administratively Prohibited Error-Cause is also applicable to following scenarios:

○ if the dot1x feature is not enabled in the NAS-port.

○ if the NAS-port state is administratively down.

CoA or DM Discard

This section lists various actions that the NAS performs during CoA or DM discard.

The following activities are performed by NAS:

● discards the packet, if dynamic authorization feature is not enabled in NAS.

● discards the packet, if the configured shared key entry is not found for the source IP address of the packet.

● discards the packet with invalid code field. NAS supports the following radius codes.

Security

817