Can't find what you need?

• Ask the Community
• Create a Case
Reset Search



Why do EXOS switches ignore Radius Disconnect Request and CoA?

« Go Back


TitleWhy do EXOS switches ignore Radius Disconnect Request and CoA?
Why EXOS switch ignores Radius Disconnect Request and CoA?
  • EXOS
  • NAC
  • Third-party RADIUS server
Per RFC5176:

When the Event-Timestamp Attribute is present, both the Dynamic Authorization Server and the Dynamic Authorization Client MUST check that the Event-Timestamp Attribute is current within an acceptable time window.  If the Event-Timestamp Attribute is not current, then the packet MUST be silently discarded.

Check the time on both EXOS switch and NAC and see if the they are in sync. If the time difference is more than 300s per RFC, adjust the time on both ends or synchronize the time using NTP

Another reason can also be a misconfigured radius dynamic-authorization secret. In that case nothing will be logged and the EXOS switch will just ignore the CoA request. There is no way to verify this, reconfiguring the secret would be the only to be sure.

configure radius dynamic-authorization 1 server client-ip vr VR-Mgmt shared-secret <secret>
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255