Administrator Guide

Table Of Contents
VRF ID
discards the packets, if length of the packet is shorter than the length field value.
discards the packets, if length of the packet is shorter than 20 or longer than 4096.
discards the packets, if request authenticator does not match the calculated MD5 checksum. NAS calculates the MD5 hash
using following fields from the request:
Code
Identifier
Length
16 Zero Octets
Request Attributes
Shared secret (based on the source IP address of the packet)
discards the packets, if the message-authenticator received in the request is invalid. The message-authenticator is
calculated using the following fields:
Code Type
Identifier
Length
Request Authenticator
Attributes
Disconnect Message Processing
This section lists various actions that the NAS performs during DM processing.
The following activities are performed by NAS:
responds with DM-Nak, if no matching session is found in NAS for the session identification attributes in DM; Error-Cause
value is Session Context Not Found (503).
responds with DM-Nak for any internal processing error in NAS; Error-Cause value is Resources Unavailable (506).
ignores attributes that are supported as per RFC but are irrelevant to the DM operation.
responds to a disconnect message containing one or more incorrect attributes values with a Disconnect-NAK; Error-Cause
value is Invalid Attribute Value (407).
responds to a disconnect message containing unsupported attributes with DM-Nak; Error-Cause value is Unsupported
Attributes (401).
NOTE:
Unsupported attributes are the ones that are not mentioned in the RFC 5176 but present in the disconnect
message that is received by the NAS.
rejects the disconnect message containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match NAS with
DM-Nak; Error-Cause value is NAS Identification Mismatch (403).
responds with a DM-Nak, if the NAS is configured to prohibit honoring of disconnect messages; Error-Cause value is
Administratively Prohibited (501).
Configuring DAC
You can configure trusted dynamic authorization clients (DACs).
This setting enables you to configure more than one DAC. Duplicate configurations are not allowed.
1. Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2. Enter the following command to configure DAC:
client host-name
Dell(conf-dynamic-auth#)client testhost
Configuring the port number
You can configure the port number on which the NAS receives CoA or DM requests.
This setting enables you to specify an optional port number on which to receive CoA or DM requests. The default value is 3799.
Enter the following command to configure the port number:
774
Security