Controller Based WLANs

Q:

What happens if a server sends incorrect attribute while sending a COA - Disconnect-Request?

Using RFC 3576, "Disconnect-Req" can be sent to the users to terminate their session. There are set of attributes that will be sent to the Controller when sending "Disconnect-Req" message and it needs to be in specific format as described below.

1) User-Name: the username used in authentication, i.e. the username shown in user-table
2) Framed-IP-Address: user's IP address
3) Calling-Station-ID: MAC address of user without the delimiter ":"
4) Accounting-Session-ID: Unique accounting session id for that user

Controller will return a "Disconnect-NAK" if any of the above attributes are not in the mentioned format or if the user is not present in the user-table.

Example below for such an instance:

1. Sever sends a Disconnect-Req with Attribute 'calling-station-id'.

2. Controller sends Disconnect-NAK to the server.

• From Controller's user and security debug, following error is seen.

"Jun 20 17:49:56 :520001:  <DBUG> |authmgr|  [rc_rfc3576.c:683] IP:0.0.0.0, Name:d0:25:98:b3:5b:6b sessid=<>, sta_id=d0:25:98:b3:5b:6b, reqcode=40, rspcode=42,  nack=1, error_cause=missing session"

• Further debugging this on the Controller and Server end, it was found the format in 'calling-station-id' attribute was inccorect.
• 'Calling-sation-id' in the radius packet sent from the Controller was of the format 'd02598b35b6b', wherease 'Calling-station-id' from Server in "Disconnect-Req" was in format 'd0:25:98:b3:5b:6b'.
• For the same reason, "Disconnect-Req" failed as attributes were not in expected format.