ERS 4800: CoA not Working

Symptoms
  • The device does not honor the "Disconnect-Request" sent by the RADIUS server
  • Packet captures show a "Disconnect-NAK" packet being sent by the switch
  • The "Attribute Value Pairs" show the 'Error-Cause' as "Administratively Prohibited (501)"
  • A Disconnect-NAK (Negative Acknowledgement) is usually sent when the parameters do not all match their expected values at the NAS
  • "Administratively Prohibited" is a fatal error sent if the NAS is configured to prohibit honoring of Request messages for the specified session
  • Below is a snippet of the communication between the RADIUS server and the NAS
[Image: packet capture of the exchange between the RADIUS server and the NAS]
Environment
  • ERS 4800
  • Running Software Version 5.12.3.011
Cause
The issue is due to missing configuration at the port level.
Resolution
Add the following two commands at the port level to fix the issue:
eapol port <PORT_#> radius-dynamic-server enable
eapol port <PORT_#> status auto re-authentication enable
The RADIUS dynamic-server global configuration looks like this:
radius dynamic-server client 10.65.0.200
radius dynamic-server client 10.65.0.200 port 3799
! radius dynamic-server client 10.65.0.200 secret ****************
! radius dynamic-server client 10.65.0.200 enable
radius dynamic-server client 10.65.0.200 process-change-of-auth-requests
where 10.65.0.200 is the IP address of the RADIUS Server
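To confirm the symptom from a capture without opening each packet by hand, the UDP payload of the switch's reply can be decoded for its Error-Cause attribute (type 101, RFC 5176). The following is an added example, not code from the original article or the vendor; the function names are hypothetical and the sample packet is constructed, with a zeroed authenticator.

```python
import struct

# RFC 5176 dynamic-authorization packet codes
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}
# RFC 5176 Error-Cause values (attribute type 101, 4-byte integer)
ERROR_CAUSE = {
    201: "Residual Session Context Removed", 401: "Unsupported Attribute",
    402: "Missing Attribute", 403: "NAS Identification Mismatch",
    404: "Invalid Request", 405: "Unsupported Service",
    406: "Unsupported Extension", 407: "Invalid Attribute Value",
    501: "Administratively Prohibited", 502: "Request Not Routable",
    503: "Session Context Not Found", 504: "Session Context Not Removable",
    505: "Other Proxy Processing Error", 506: "Resources Unavailable",
    507: "Request Initiated", 508: "Multiple Session Selection Unsupported",
}
ERROR_CAUSE_TYPE = 101

def parse_radius(pkt):
    """Parse a RADIUS UDP payload into code, identifier and raw attributes."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not fit the payload")
    attrs, off = [], 20          # attributes start after the authenticator
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[off], pkt[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, pkt[off + 2:off + a_len]))
        off += a_len
    return {"code": code, "name": CODES.get(code, "Unknown"),
            "id": ident, "attrs": attrs}

def error_cause(parsed):
    """Return (value, description) of the first Error-Cause, or None."""
    for a_type, value in parsed["attrs"]:
        if a_type == ERROR_CAUSE_TYPE and len(value) == 4:
            n = struct.unpack("!I", value)[0]
            return n, ERROR_CAUSE.get(n, "Unknown")
    return None

def build_sample_nak(ident=7, cause=501):
    """Constructed Disconnect-NAK for testing; authenticator is all zeros."""
    attr = struct.pack("!BBI", ERROR_CAUSE_TYPE, 6, cause)
    return struct.pack("!BBH", 42, ident, 20 + len(attr)) + bytes(16) + attr

if __name__ == "__main__":
    reply = parse_radius(build_sample_nak())
    print(reply["name"], error_cause(reply))
```

After the port-level commands are applied, the same check on a fresh capture should show a Disconnect-ACK (code 41) with no Error-Cause of 501.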