Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON

871

872

873

874

875

876

877

878

879

880

NOTE:

The Invalid Attribute Value Error-Cause is applicable to following scenarios:

– if the CoA request contains incorrect Vendor-Specic attribute value.

– if the CoA request contains incorrect NAS-port or calling-station-id values.

• rejects the CoA-Request containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match the NAS with a CoA-Nak;

Error-Cause value is “NAS Identication Mismatch” (403).

• responds with a CoA-Nak, if it is congured to prohibit honoring of corresponding CoA-Request messages; Error-Cause value is

“Administratively Prohibited” (501).

NOTE:

The Administratively Prohibited Error-Cause is also applicable to following scenarios:

– if the dot1x feature is not enabled in the NAS-port.

– if the NAS-port state is administratively down.

CoA or DM Discard

This section lists various actions that the NAS performs during CoA or DM discard.

The following activities are performed by NAS:

• discards the packet, if dynamic authorization feature is not enabled in NAS.

• discards the packet, if the congured shared key entry is not found for the source IP address of the packet.

• discards the packet with invalid code eld. NAS supports the following radius codes.

– Disconnect-Request (40)

– CoA-Request (43)

• discards the duplicate packets, if NAS is currently processing the original packet. NAS identies the duplicate packet with the following

elds:

– Source IP address

– Source UDP port

– Identier

– VRF ID

• discards the packets, if length of the packet is shorter than the length eld value.

• discards the packets, if length of the packet is shorter than 20 or longer than 4096.

• discards the packets, if request authenticator does not match the calculated MD5 checksum. NAS calculates the MD5 hash using

following elds from the request:

– Code

– Identier

– Length

– 16 Zero Octets

– Request Attributes

– Shared secret (based on the source IP address of the packet)

• discards the packets, if the message-authenticator received in the request is invalid. The message-authenticator is calculated using the

following elds:

– Code Type

– Identier

– Length

– Request Authenticator

– Attributes

874

Security