Reset Search



ERS 4800: CoA not Working

« Go Back


TitleERS 4800: CoA not Working
  • Device not honoring the "Disconnect-Request" send by the RADIUS Server
  • Packet Captures shows "Disconnect-NAK" packet being sent by the switch
  • The "Attribute Value Pairs" shows the 'Error-Cause' as "Administratively Prohibited (501)"
  • Disconnect-NAK or Negative Acknowledgement is usually sent when all the parameters do not match their expected value at the NAS
  • "Administratively Prohibited" is a fatal error sent if the NAS is configured to prohibit honoring of Request messages for the specified session.
  • Below is the snippet of the communication between RADIUS Server and NAS
User-added image
  • ERS 4800
  • Running Software Version
The issue is due to missing configuration at the port level.
Add below two commands at the port level to fix the issue:
eapol port <PORT_#> radius-dynamic-server enable
eapol port <PORT_#> status auto re-authentication enable
Below is how the  RADIUS dynamic-server global configuration looks like:
radius dynamic-server client
radius dynamic-server client port 3799
! radius dynamic-server client secret ****************
! radius dynamic-server client enable
radius dynamic-server client process-change-of-auth-requests
where is the IP address of the RADIUS Server
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255