Possible reasons for controller sending a Disconnect-NAK


What happens if a server sends incorrect attribute while sending a COA - Disconnect-Request?


Using an RFC 3576 server we can send Disconnect-Req to users to terminate their session. There are specific attributes that needs to be sent to the controller in a Disconnect-Req message which also needs to be in proper format.

Below are the attributes:


1) User-Name: the username used in authentication, i.e. the username shown in user-table
2) Framed-IP-Address: user's IP address
3) Calling-Station-ID: MAC address of user without the delimiter ":"
4) Accounting-Session-ID: Unique accounting session id for that user


Controller will return a Disconnect-NAK if any of the above attributes are not in proper format or if the user is not present in the user-table.


Below is the example of such an instance:


1. Sever sends a Disconnect-Req with Attribute 'calling-station-id'.


2. Controller sends Disconnect-NAK to the server.


On controller if we enable debugging for user and security we can see the error:

"Jun 20 17:49:56 :520001:  <DBUG> |authmgr|  [rc_rfc3576.c:683] IP:, Name:d0:25:98:b3:5b:6b sessid=<>, sta_id=d0:25:98:b3:5b:6b, reqcode=40, rspcode=42,  nack=1, error_cause=missing session"


Upon debugging on controller and server we found that the format of the attribute 'calling-station-id' was wrong.

Controller was sending the 'calling-sation-id' in the radius packet of the format 'd02598b35b6b' but server sent 'calling-station-id' in Disconnect-Req in format 'd0:25:98:b3:5b:6b'.

So from the above we can see that Disconnect-Req fails when attributes are not in proper format. Also we will see the same message if the user is not present in user-table.

Version history
Revision #:
2 of 2
Last update:
‎07-21-2016 02:16 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: