What happens if a server sends incorrect attribute while sending a COA - Disconnect-Request?
Using an RFC 3576 server we can send Disconnect-Req to users to terminate their session. There are specific attributes that needs to be sent to the controller in a Disconnect-Req message which also needs to be in proper format.
Below are the attributes:
1) User-Name: the username used in authentication, i.e. the username shown in user-table 2) Framed-IP-Address: user's IP address 3) Calling-Station-ID: MAC address of user without the delimiter ":" 4) Accounting-Session-ID: Unique accounting session id for that user
Controller will return a Disconnect-NAK if any of the above attributes are not in proper format or if the user is not present in the user-table.
Below is the example of such an instance:
1. Sever sends a Disconnect-Req with Attribute 'calling-station-id'.
2. Controller sends Disconnect-NAK to the server.
On controller if we enable debugging for user and security we can see the error:
"Jun 20 17:49:56 :520001: <DBUG> |authmgr| [rc_rfc3576.c:683] IP:0.0.0.0, Name:d0:25:98:b3:5b:6b sessid=<>, sta_id=d0:25:98:b3:5b:6b, reqcode=40, rspcode=42, nack=1, error_cause=missing session"
Upon debugging on controller and server we found that the format of the attribute 'calling-station-id' was wrong.
Controller was sending the 'calling-sation-id' in the radius packet of the format 'd02598b35b6b' but server sent 'calling-station-id' in Disconnect-Req in format 'd0:25:98:b3:5b:6b'.
So from the above we can see that Disconnect-Req fails when attributes are not in proper format. Also we will see the same message if the user is not present in user-table.