Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

Why do EXOS switches ignore Radius Disconnect Request and CoA?

« Go Back

Information

 
TitleWhy do EXOS switches ignore Radius Disconnect Request and CoA?
Question
Why EXOS switch ignores Radius Disconnect Request and CoA?
Environment
  • EXOS
  • NAC
  • Third-party RADIUS server
Answer
Per RFC5176:

When the Event-Timestamp Attribute is present, both the Dynamic Authorization Server and the Dynamic Authorization Client MUST check that the Event-Timestamp Attribute is current within an acceptable time window.  If the Event-Timestamp Attribute is not current, then the packet MUST be silently discarded.

Check the time on both EXOS switch and NAC and see if the they are in sync. If the time difference is more than 300s per RFC, adjust the time on both ends or synchronize the time using NTP

Another reason can also be a misconfigured radius dynamic-authorization secret. In that case nothing will be logged and the EXOS switch will just ignore the CoA request. There is no way to verify this, reconfiguring the secret would be the only to be sure.

configure radius dynamic-authorization 1 server 10.116.2.202 client-ip 10.116.3.48 vr VR-Mgmt shared-secret <secret>
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255