Possible reasons for controller sending a Disconnect-NAK

MVP Expert
MVP Expert

What happens if a server sends incorrect attribute while sending a COA - Disconnect-Request?


Using RFC 3576, "Disconnect-Req" can be sent to the users to terminate their session. There are set of attributes that will be sent to the Controller when sending "Disconnect-Req" message and it needs to be in specific format as described below.


1) User-Name: the username used in authentication, i.e. the username shown in user-table
2) Framed-IP-Address: user's IP address
3) Calling-Station-ID: MAC address of user without the delimiter ":"
4) Accounting-Session-ID: Unique accounting session id for that user


Controller will return a "Disconnect-NAK" if any of the above attributes are not in the mentioned format or if the user is not present in the user-table.


Example below for such an instance:


1. Sever sends a Disconnect-Req with Attribute 'calling-station-id'.



2. Controller sends Disconnect-NAK to the server.



  • From Controller's user and security debug, following error is seen.


"Jun 20 17:49:56 :520001:  <DBUG> |authmgr|  [rc_rfc3576.c:683] IP:, Name:d0:25:98:b3:5b:6b sessid=<>, sta_id=d0:25:98:b3:5b:6b, reqcode=40, rspcode=42,  nack=1, error_cause=missing session"


  • Further debugging this on the Controller and Server end, it was found the format in 'calling-station-id' attribute was inccorect.
  • 'Calling-sation-id' in the radius packet sent from the Controller was of the format 'd02598b35b6b', wherease 'Calling-station-id' from Server in "Disconnect-Req" was in format 'd0:25:98:b3:5b:6b'.
  • For the same reason, "Disconnect-Req" failed as attributes were not in expected format. 
Version history
Revision #:
4 of 4
Last update:
‎02-06-2019 03:41 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: