Possible reasons for controller sending a Disconnect-NAK
What happens if a server sends incorrect attribute while sending a COA - Disconnect-Request?
Using RFC 3576, "Disconnect-Req" can be sent to the users to terminate their session. There are set of attributes that will be sent to the Controller when sending "Disconnect-Req" message and it needs to be in specific format as described below.
1) User-Name: the username used in authentication, i.e. the username shown in user-table 2) Framed-IP-Address: user's IP address 3) Calling-Station-ID: MAC address of user without the delimiter ":" 4) Accounting-Session-ID: Unique accounting session id for that user
Controller will return a "Disconnect-NAK" if any of the above attributes are not in the mentioned format or if the user is not present in the user-table.
Example below for such an instance:
1. Sever sends a Disconnect-Req with Attribute 'calling-station-id'.
2. Controller sends Disconnect-NAK to the server.
- From Controller's user and security debug, following error is seen.
"Jun 20 17:49:56 :520001: <DBUG> |authmgr| [rc_rfc3576.c:683] IP:0.0.0.0, Name:d0:25:98:b3:5b:6b sessid=<>, sta_id=d0:25:98:b3:5b:6b, reqcode=40, rspcode=42, nack=1, error_cause=missing session"
- Further debugging this on the Controller and Server end, it was found the format in 'calling-station-id' attribute was inccorect.
- 'Calling-sation-id' in the radius packet sent from the Controller was of the format 'd02598b35b6b', wherease 'Calling-station-id' from Server in "Disconnect-Req" was in format 'd0:25:98:b3:5b:6b'.
- For the same reason, "Disconnect-Req" failed as attributes were not in expected format.