RADIUS CoA and disconnect message attributes

Subscriber host identification attributes

CoA and Disconnect Message: subscriber host identification attributes details the different attributes that can be used in a CoA and Disconnect Message to identify one or multiple subscriber hosts.

Table 1. CoA and Disconnect Message: subscriber host identification attributes
# (priority) Attribute ID Attribute name Notes Identifies

1NAS-Port-Id + single address/prefix attribute1, 2

87

NAS-Port-Id

+ IP address or prefix

Single host3

8

Framed-IP-Address

+ [87] NAS-Port-Id

Single IPv4 host3

26.6527.99

Alc-Ipv6-Address

+ [87] NAS-Port-Id

Single IPv6 host (IA_NA)3

97

Framed-Ipv6-Prefix

+ [87] NAS-Port-Id

Single IPv6 host (SLAAC)3

123

Delegated-Ipv6-Prefix

+ [87] NAS-Port-Id

Single IPv6 host (IA_PD)3

2

44

Acct-Session-Id

(number format)

Host acct-session-id

Single host3

Queue instance acct-session-id

All hosts attached to this SLA profile instance4

Session acct-session-id

All hosts of the dual stack PPPoE or IPoE session

3

26.6527.

225

Alc-BRG-Id

Updates the BRG and all sessions attached to this BRG.

4

26.6527.11

Alc-Subsc-ID-Str

All hosts of the corresponding subscriber4
51

26.6527.

100

or

241.26.6527.

88

Alc-Serv-Id

or

Alc-Serv-Name

+ [8] Framed-IP-Address

Single IPv4 host5

8

Framed-IP-Address

+ [26.6527.100] Alc-Serv-Id

Single IPv4 host5
66

1

User-Name

All hosts matching the User-Name4

1

User-Name

+ [8] Framed-IP-Address

Single IPv4 host3

1

User-Name

+ [26.6527.99] Alc-Ipv6-Address

Single IPv6 host (IA_NA)3

1

User-Name

+ [97] Framed-Ipv6-Prefix

Single IPv6 host (SLAAC)3

1

User-Name

+ [123] Delegated-Ipv6-Prefix

Single IPv6 host (IA_PD)3
1 See CoA and Disconnect Message: additional rules for wholesale/retail subscriber host identification attributes in a retail service for additional rules to target a wholesale/retail subscriber host in a retail service.
2 For a CoA with as key NAS-Port-Id + IP address/prefix, the NAS-Port-Id is used to lookup the service context and the IP address/prefix is used to lookup the subscriber host within the service. If multiple hosts in the resulting service have the same IP address/prefix (such as in a Layer 2–aware NAT scenario), then the first found host is identified. To make the selection of the host deterministic, the MAC address of one of the hosts can be included with the [26.6527.27] Alc-Client-Hardware-Addr to target that single host.
3 Although a single host is identified, the CoA or Disconnect Message applies to all hosts of a dual stack PPPoE session or IPoE session (if enabled).
4 A maximum of 32 hosts can be targeted in a single CoA or Disconnect Message. When more than 32 hosts are identified, the CoA and Disconnect Message is rejected with [101] Error-Cause attribute value 501 (Administratively Prohibited).
5 If multiple hosts share the same IP in the specified service, then the CoA is rejected (NAK).
6 For a CoA with as key User-Name + IP address/prefix, the User-Name is used to lookup the service context and the IP address/prefix is used to lookup the subscriber host within the service. If multiple hosts in the resulting service have the same IP address/prefix (such as in a Layer 2–aware NAT scenario), then the CoA is rejected. To make the selection of the host deterministic, the MAC address of one of the hosts can be included with the [26.6527.27] Alc-Client-Hardware-Addr to target a single host.

Typically, only a single attribute or set of attributes is used to target a host or a number of hosts: ‟NAS-Port-Id + IP” or ‟Acct-Session-Id” or ‟Alc-Subsc-ID-Str”. If both ‟NAS-Port-Id + IP” and ‟Acct-Session-Id” attributes are specified to identify subscriber hosts, only the host identified by ‟NAS-Port-Id + IP” is targeted. If the identified host is not part of the hosts that would be identified by the ‟Acct-Session-Id” attribute, then the CoA is NAK’d with [101] Error-Cause attribute value 503 Session Context Not Found.

Example:

Change of Authorization(43) id 224 len 81 from 192.168.1.1:32772 vrid 1
    SESSION ID [44] 22 24ADFF0000003D5107AB80   # priority 2
    NAS PORT ID [87] 12 lag-1:10.300            # priority 1
    FRAMED IP ADDRESS [8] 4 10.1.2.251         # priority 1
    VSA [26] 15 Alcatel(6527)
      SLA PROF STR [13] 13 sla-profile-1

The CoA targets the host identified with the combination of [87] NAS-Port-Id and [8] Framed-IP-Address (prio 1) only if the host is also identified by [44] Acct-Session-Id (prio 2), else the CoA is NAK’d.

Following attributes are accepted only if the CoA is targeted to a single host as shown in CoA and Disconnect Message: subscriber host identification attributes:

  • [26.6527.14] Alc-Force-Renew

  • [26.6527.15] Alc-Create-Host

  • [26.6527.98] Alc-Force-Nak

  • [26.6527.130] Alc-AA-Transit-IP

CoA and Disconnect Message: additional rules for wholesale/retail subscriber host identification attributes in a retail service details the rules in addition to CoA and Disconnect Message: subscriber host identification attributes for identification attributes in a CoA or Disconnect Message when targeting a wholesale/retail subscriber host in a retail service.

Table 2. CoA and Disconnect Message: additional rules for wholesale/retail subscriber host identification attributes in a retail service
Wholesale / retail subscriber host # (Priority) Attribute ID Attribute name Additional rule

PPPoE

with or without private-retail-subnets

1

NAS-Port-Id

+ single address/ prefix attribute

+ Alc-Retail-Serv-Id

or Alc-Retail-Serv-Name

87

NAS-Port-Id

Must include [26.6527.17] Alc-Retail-Serv-Id or [241.26.6527.89] Alc-Retail-Serv-Name

Note: When the host was setup from RADIUS using the Alc-Retail-Serv-Name, the CoA must also use the Alc-Retail-Serv-Name.

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

26.6527.17

241.26.6527.89

Alc-Retail-Serv-Id

Alc-Retail-Serv-Name

IPoE

without private-retail-subnets

1

NAS-Port-Id

+ single address/ prefix attribute

87

NAS-Port-Id

Must not include [26.6527.17] Alc-Retail-Serv-Id nor [241.26.6527.89] Alc-Retail-Serv-Name

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

IPoE

with private-retail-subnets

1

NAS-Port-Id

+ single address/ prefix attribute

+ Alc-Client-Hardware-Addr

87

NAS-Port-Id

Must not include [26.6527.17] Alc-Retail-Serv-Id nor [241.26.6527.89] Alc-Retail-Serv-Name

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

26.6527.27

Alc-Client-Hardware-Addr

PPPoE

without private-retail-subnets

5

Alc-Serv-Id or Alc-Serv-Name

+ Framed-IP-Address

26.6527.100

241.26.6527.88

Alc-Serv-Id

Alc-Serv-Name

[26.6527.100] Alc-Serv-ID must reference the subscriber wholesale service ID

[241.26.6527.88] Alc-Serv-Name must reference the subscriber wholesale service name.

Note: When the host was setup from RADIUS using the Alc-Retail-Serv-Name, the CoA must use the Alc-Serv-Name.

8

Framed-IP-Address

PPPoE

with private-retail-subnets

5

Alc-Serv-Id or Alc-Serv-Name

+ Framed-IP-Address

26.6527.100

241.26.6527.88

Alc-Serv-Id

Alc-Serv-Name

[26.6527.100] Alc-Serv-ID must reference the subscriber retail service ID

[241.26.6527.88] Alc-Serv-Name must reference the subscriber retail service name.

Note: When the host was setup from RADIUS using the Alc-Retail-Serv-Name, the CoA must use the Alc-Serv-Name.

8

Framed-IP-Address

IPoE

without private-retail-subnets

5

Alc-Serv-Id or Alc-Serv-Name

+ single address/ prefix attribute

26.6527.100

241.26.6527.88

Alc-Serv-Id

Alc-Serv-Name

[26.6527.100] Alc-Serv-ID must reference the subscriber wholesale service ID

[241.26.6527.88] Alc-Serv-Name must reference the subscriber wholesale service name.

Note: When the host was setup from RADIUS using the Alc-Retail-Serv-Name, the CoA must use the Alc-Serv-Name.

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

IPoE

with private-retail-subnets

5

Alc-Serv-Id or Alc-Serv-Name

+ Framed-IP-Address

+ Alc-Client-Hardware-Addr

26.6527.100

241.26.6527.88

Alc-Serv-Id

Alc-Serv-Name

[26.6527.100] Alc-Serv-ID must reference the subscriber wholesale service ID

[241.26.6527.88] Alc-Serv-Name must reference the subscriber wholesale service name.

Note: When the host was setup from RADIUS using the Alc-Retail-Serv-Name, the CoA must use the Alc-Serv-Name.

8

Framed-IP-Address

26.6527.27

Alc-Client-Hardware-Addr

PPPoE

with or without private-retail-subnets

6

User-Name+ single address/ prefix attribute

1

User-Name

Username targets all wholesale/retail hosts with the same username. Username with IP address/prefix can target a more specific host.

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

IPoE

without private-retail-subnets

6

User-Name+ single address/ prefix attribute

1

User-Name

Username targets all wholesale/retail hosts with the same username. Username with IP address/prefix can target a more specific host.

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

IPoE

with private-retail-subnets

6

User-Name+ single address/ prefix attribute

1

User-Name

Username targets all wholesale/retail hosts with the same username. Username with IP address/prefix can target a more specific host.

8

26.6527.99

97

123

Framed-IP-Address

Alc-Ipv6-Address

Framed-Ipv6-Prefix

Delegated-Ipv6-Prefix

WLAN-GW migrant users identification attributes

CoA and Disconnect Message: WLAN-GW migrant users identification attributes details the attribute that can be used in a CoA and Disconnect Message to target migrant users. A Disconnect Message removes any existing migrant state for the specified UE. A CoA can only be sent for a UE in portal state to trigger the creation of an ESM or DSM user. In contrast to most CoAs this update is not incremental: the CoA must include all required authentication attributes to create the user. The applicability of attributes is the same as for an Access-Accept message in an authentication procedure.

Table 3. CoA and Disconnect Message: WLAN-GW migrant users identification attributes
Attribute ID Attribute name Notes

1

User-Name

Must be MAC format

DSM UE identification attributes

CoA and Disconnect Message: DSM UE identification attributes details the different attributes that can be used in a CoA and Disconnect Message to identify a single DSM UE.

Table 4. CoA and Disconnect Message: DSM UE identification attributes
# (priority) Attribute ID Attribute name Notes

1

44

Acct-Session-Id

2

1

User-Name

Must be MAC format

IPsec tunnel identification attributes

Disconnect Message: IPsec tunnel identification attributes details the different attributes that can be used in a Disconnect Message to identify one or multiple IKEv2 remote-access tunnels.

Table 5. Disconnect Message: IPsec tunnel identification attributes
ID method7 Attribute ID Attribute Name Notes Identifies

1

87

NAS-Port-Id

NAS-Port-Id+

Alc-IPsec-Serv-Id +

a single IP Address or IPv6 Prefix attribute

Single IPsec Tunnel

26.6527.61

Alc-IPSec-Serv-Id

8

97

Framed-IP-Address

Framed-IPv6-Prefix

2

44

Acct-Session-Id

Single IPsec Tunnel for a public service

3

1

User-Name

All IPsec Tunnels with the User-Name as the IDi8
1 Only one of the three identification methods should be used in a Disconnect Request, otherwise the system rejects it by sending a Disconnect-NAK with [101] Error-Cause value set to 404 (Invalid Request).
2 If there are multiple tunnels having the specified IDi, then all these tunnels are terminated.

Dynamic data services identification attributes

This section details the attributes that can be used in a CoA and Disconnect Message to identify Dynamic Data Services associated with a dynamic service data trigger. To identify Dynamic Data Services associated with an Enhanced Subscriber Management (ESM) control channel, the CoA and Disconnect Messages must be sent to the control channel. See section "Subscriber host identification attributes" for attributes that can be used as key.

CoA and Disconnect Message: data triggered dynamic services identification attributes lists the attributes that can be used in a CoA and Disconnect Message to identify one or multiple Dynamic Data Services associated with a dynamic service data trigger.

Table 6. CoA and Disconnect Message: data triggered dynamic services identification attributes
Attribute ID Attribute name Identifies

44

Acct-Session-Id

Accounting session ID of a dynamic services data trigger (can be displayed with "show service dynamic-services data-triggers [sap sap-id]"):

  • Identifies a single dynamic service.

  • Modify and Teardown actions are supported in CoA.

  • Only a single dynamic service is deleted with a Disconnect Message.

Accounting session ID of a dynamic services sap associated with a dynamic services data trigger (can be displayed with "show service dynamic-services saps summary [sap sap-id]"):

  • Identifies a single dynamic service.

  • Modify and Teardown actions are supported in CoA.

  • The identified dynamic service is deleted with a Disconnect Message.

87

NAS-Port-Id

Targets a dynamic services sap-id:

  • Identifies a single dynamic service.

  • Modify and Teardown actions are supported in CoA.

  • The identified dynamic service is deleted with a Disconnect Message.

Note - If the sap-id corresponds with the sap-id of a dynamic services data trigger, then all dynamic data services associated with that data trigger are deleted in case of a Teardown action in CoA or a Disconnect Message.

Overview of CoA attributes

RADIUS CoA message supported attributes provides an overview of all attributes that are supported in a RADIUS Change of Authorization (CoA) message. For attribute details, see the other sections in this document.

Table 7. RADIUS CoA message supported attributes
Attribute ID Attribute name

1

User-Name

6

Service-Type

7

Framed-Protocol

8

Framed-IP-Address

25

Class

27

Session-Timeout

28

Idle-Timeout

30

Called-Station-Id

31

Calling-Station-Id

44

Acct-Session-Id

61

NAS-Port-Type

85

Acct-Interim-Interval

87

NAS-Port-Id

92

NAS-Filter-Rule

97

Framed-IPv6-Prefix

100

Framed-IPv6-Pool

101

Error-Cause

123

Delegated-IPv6-Prefix

26.529.242

Ascend-Data-Filter

26.2352.1

Client-DNS-Pri

26.2352.2

Client-DNS-Sec

26.2352.99

RB-Client-NBNS-Pri

26.2352.100

RB-Client-NBNS-Sec

26.4874.4

ERX-Primary-Dns

26.4874.5

ERX-Secondary-Dns

26.4874.6

ERX-Primary-Wins

26.4874.7

ERX-Secondary-Wins

26.4874.47

ERX-Ipv6-Primary-Dns

26.4874.48

ERX-Ipv6-Secondary-Dns

26.6527.9

Alc-Primary-Dns

26.6527.10

Alc-Secondary-Dns

26.6527.11

Alc-Subsc-ID-Str

26.6527.12

Alc-Subsc-Prof-Str

26.6527.13

Alc-SLA-Prof-Str

26.6527.14

Alc-Force-Renew

26.6527.15

Alc-Create-Host

26.6527.16

Alc-ANCP-Str

26.6527.17

Alc-Retail-Serv-Id

26.6527.18

Alc-Default-Router

26.6527.27

Alc-Client-Hardware-Addr

26.6527.28

Alc-Int-Dest-Id-Str

26.6527.29

Alc-Primary-Nbns

26.6527.30

Alc-Secondary-Nbns

26.6527.35

Alc-PPPoE-Service-Name

26.6527.45

Alc-App-Prof-Str

26.6527.95

Alc-Credit-Control-CategoryMap

26.6527.96

Alc-Credit-Control-Quota

26.6527.98

Alc-Force-Nak

26.6527.99

Alc-Ipv6-Address

26.6527.100

Alc-Serv-Id

26.6527.103

Alc-ToClient-Dhcp-Options

26.6527.105

Alc-Ipv6-Primary-Dns

26.6527.106

Alc-Ipv6-Secondary-Dns

26.6527.122

Alc-LI-Action

26.6527.123

Alc-LI-Destination

26.6527.124

Alc-LI-FC

26.6527.125

Alc-LI-Direction

26.6527.126

Alc-Subscriber-QoS-Override

26.6527.130

Alc-AA-Transit-IP

26.6527.132

Alc-Access-Loop-Rate-Down

26.6527.134

Alc-Subscriber-Filter

26.6527.136

Alc-Onetime-Http-Redirection-Filter-Id

26.6527.137

Alc-Authentication-Policy-Name

26.6527.138

Alc-LI-Intercept-Id

26.6527.139

Alc-LI-Session-Id

26.6527.151

Alc-Sub-Serv-Activate

26.6527.152

Alc-Sub-Serv-Deactivate

26.6527.153

Alc-Sub-Serv-Acct-Stats-Type

26.6527.154

Alc-Sub-Serv-Acct-Interim-Ivl

26.6527.158

Alc-Nas-Filter-Rule-Shared

26.6527.159

Alc-Ascend-Data-Filter-Host-Spec

26.6527.160

Alc-Relative-Session-Timeout

26.6527.164

Alc-Dyn-Serv-SAP-Id

26.6527.165

Alc-Dyn-Serv-Script-Params

26.6527.166

Alc-Dyn-Serv-Script-Action

26.6527.167

Alc-Dyn-Serv-Policy

26.6527.168

Alc-Dyn-Serv-Acct-Interim-Ivl-1

26.6527.169

Alc-Dyn-Serv-Acct-Interim-Ivl-2

26.6527.170

Alc-Dyn-Serv-Acct-Stats-Type-1

26.6527.171

Alc-Dyn-Serv-Acct-Stats-Type-2

26.6527.174

Alc-Lease-Time

26.6527.177

Alc-Portal-Url

26.6527.178

Alc-Ipv6-Portal-Url

26.6527.179

Alc-GTP-Local-Breakout

26.6527.181

Alc-SLAAC-IPv6-Pool

26.6527.182

Alc-AA-Sub-Http-Url-Param

26.6527.185

Alc-Onetime-Http-Redirect-Reactivate

26.6527.186

Alc-Wlan-Dsm-Ot-Http-Redirect-Url

26.6527.187

Alc-Wlan-Dsm-Ip-Filter

26.6527.188

Alc-Wlan-Dsm-Ingress-Policer

26.6527.189

Alc-Wlan-Dsm-Egress-Policer

26.6527.192

Alc-ToClient-Dhcp6-Options

26.6527.193

Alc-AA-App-Service-Options

26.6527.200

Alc-v6-Preferred-Lifetime

26.6527.201

Alc-v6-Valid-Lifetime

26.6527.202

Alc-Dhcp6-Renew-Time

26.6527.203

Alc-Dhcp6-Rebind-Time

26.6527.217

Alc-UPnP-Sub-Override-Policy

26.6527.220

Alc-Home-Aware-Pool

26.6527.221

Alc-DMZ-Address

26.6527.223

Alc-Reserved-Addresses

26.6527.224

Alc-BRG-Profile

26.6527.225

Alc-BRG-Id

26.6527.228

Alc-Trigger-Acct-Interim

26.6527.232

Alc-Acct-Interim-lvl

26.6527.233

Alc-Tunnel-Qos-Override

26.6527.234

Alc-DNAT-Override

26.6527.235

Alc-BRG-DHCP-Streaming-Dest

26.6527.236

Alc-Host-DHCP-Streaming-Disabled

26.6527.238

Alc-Remove-Override

26.6527.241

Alc-Per-Host-Port-Range

26.6527.242

Alc-Radius-Py

26.6527.243

Alc-LI-Use-Outside-Ip

241.26.6527.3

Alc-PPPoE-Client-Policy

241.26.6527.4

Alc-PPPoE-Client-Username

241.26.6527.5

Alc-PPPoE-Client-Password

241.26.6527.16

Alc-IPv6-Router-Adv-Policy

241.26.6527.17

Alc-Nat-Outside-IPs

241.26.6527.18

Alc-Mld-Import-Policy

241.26.6527.22

Alc-Bonding-Reference-Rate

241.26.6527.24

Alc-IPv6-DMZ-Enabled

241.26.6527.25

Alc-Steering-Profile

241.26.6527.26

Alc-Aa-Sub-Scope

241.26.6527.35

Alc-Mld-Import-Policy-Modif

241.26.6527.37

Alc-VAS-IPv4-Filter

241.26.6527.38

Alc-VAS-NSH-IPv4-Opaque-Meta-Data

241.26.6527.39

Alc-Static-Port-Forward

241.26.6527.40

Alc-IPv6-Slaac-Replacement-Prefix

241.26.6527.47

Alc-SPI-Sharing-Id

241.26.6527.48

Alc-Change-Reporting-Action

241.26.6527.62

Alc-Host-DNAT-Override

241.26.6527.71

Alc-Host-DNAT-Default-Address-Override

241.26.6527.88

Alc-Serv-Name

241.26.6527.89

Alc-Retail-Serv-Name

245.26.6527.5

Alc-Spi-Host-And-Session-Limits

245.26.6527.6

Alc-Sub-Host-And-Session-Limits

245.26.6527.7 Alc-Subscriber-Filter-Name

[101] Error-Cause attribute values

RADIUS CoA Message [101] Error-Cause values provides an overview of the [101] Error-Cause attribute values as defined in RFC 5176 and lists if they are generated in SR OS.

Table 8. RADIUS CoA Message [101] Error-Cause values
Code CoA Error Cause Description

SR OS

201

Residual Session Context Removed

Residual Session Context Removed is sent in response to a Disconnect-Request if one or more user sessions are no longer active, but residual session context was found and successfully removed. This value is only sent within a Disconnect-ACK and must not be sent within a CoA-ACK, Disconnect-NAK, or CoA-NAK.

202

Invalid EAP Packet (Ignored)

Invalid EAP Packet (Ignored) is a non-fatal error that must not be sent by implementations of this specification.

401

Unsupported Attribute

Unsupported Attribute is a fatal error sent if a Request contains an attribute (such as a Vendor-Specific or EAP-Message Attribute) that is not supported.

402

Missing Attribute

Missing Attribute is a fatal error sent if critical attributes (such as NAS or session identification attributes) are missing from a Request.

403

NAS Identification Mismatch

NAS Identification Mismatch is a fatal error sent if one or more NAS identification attributes do not match the identity of the NAS receiving the Request.

404

Invalid Request

Invalid Request is a fatal error sent if some other aspect of the Request is invalid, such as if one or more attributes (such as EAP-Message Attributes) are not formatted properly.

405

Unsupported Service

Unsupported Service is a fatal error sent if a Service-Type Attribute included with the Request is sent with an invalid or unsupported value. This error cannot be sent in response to a Disconnect-Request.

406

Unsupported Extension

Unsupported Extension is a fatal error sent because of a lack of support for an extension such as Disconnect or CoA packets, or both.

This is typically be sent by a proxy receiving an ICMP port unreachable message after attempting to forward a CoA-Request or Disconnect-Request to the NAS.

407

Invalid Attribute Value

Invalid Attribute Value is a fatal error sent if a CoA-Request or Disconnect-Request contains an attribute with an unsupported value.

501

Administratively Prohibited

Administratively Prohibited is a fatal error sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.

502

Request Not Routable (Proxy)

Request Not Routable is a fatal error that may be sent by a proxy and must not be sent by a NAS. It indicates that the proxy was unable to determine how to route a CoA-Request or Disconnect-Request to the NAS. Example, this can occur if the required entries are not present in the proxy's realm routing table.

503

Session Context Not Found

Session Context Not Found is a fatal error sent if the session context identified in the CoA-Request or Disconnect-Request does not exist on the NAS.

504

Session Context Not Removable

Session Context Not Removable is a fatal error sent in response to a Disconnect-Request if the NAS was able to locate the session context, but could not remove it for some reason. It must not be sent within a CoA-ACK, CoA-NAK, or Disconnect-ACK, only within a Disconnect-NAK.

505

Other Proxy Processing Error

Other Proxy Processing Error is a fatal error sent in response to a CoA or Disconnect-Request that could not be processed by a proxy, for reasons other than routing.

506

Resources Unavailable

Resources Unavailable is a fatal error sent when a CoA or Disconnect-Request could not be honored because of a lack of available NAS resources (memory, non-volatile storage, and so on).

507

Request Initiated

Request Initiated is a fatal error sent by a NAS in response to a CoA-Request including a Service-Type Attribute with a value of Authorize Only. It indicates that the CoA-Request has not been honored, but that the NAS is sending one or more RADIUS Access-Requests including a Service-Type Attribute with value Authorize Only to the RADIUS server.

508

Multiple Session Selection Unsupported

Multiple Session Selection Unsupported is a fatal error sent by a NAS in response to a CoA-Request or Disconnect-Request whose session identification attributes match multiple sessions, where the NAS does not support Requests applying to multiple sessions.

RADIUS Disconnect Message [101] Error-Cause values for IPsec tunnel lists the possible [101] Error-Cause attribute values generated in the SR OS in response to a Disconnect Message targeting an IPsec tunnel.

Table 9. RADIUS Disconnect Message [101] Error-Cause values for IPsec tunnel
Code CoA Error Cause Description

404

Invalid Request

A fatal error sent if some other aspect of the Disconnect-Request is invalid, such as multiple tunnel identifications present in the request.

503

Session Context Not Found

A fatal error sent if the tunnel identified in the Disconnect-Request does not exist.

504

Session Context Not Removable

A fatal error sent if all identified tunnels belong to a tunnel group in MC-IPsec standby status.

Deprecated attributes and attributes not applicable to SR OS

The attributes listed in this section are included in the RADIUS dictionary delivered with the software package but have no functional use in the current SR OS release.

Note: Nokia can redefine those attributes in a future SR OS release without prior notice.

Deprecated attributes lists attributes present in the RADIUS dictionary and that are deprecated in the current SR OS release.

Table 10. Deprecated attributes
Attribute ID Attribute name

26.6527.37

Alc-Acct-OC-I-Inprof-Octets-64

26.6527.38

Alc-Acct-OC-I-Outprof-Octets-64

26.6527.39

Alc-Acct-OC-O-Inprof-Octets-64

26.6527.40

Alc-Acct-OC-O-Outprof-Octets-64

26.6527.41

Alc-Acct-OC-I-Inprof-Pkts-64

26.6527.42

Alc-Acct-OC-I-Outprof-Pkts-64

26.6527.43

Alc-Acct-OC-O-Inprof-Pkts-64

26.6527.44

Alc-Acct-OC-O-Outprof-Pkts-64

26.6527.79

Alc-Acct-I-All-Octets-Offer_64

26.6527.80

Alc-Acct-I-All-Pack-Offer_64

26.6527.85

Alc-Acct-OC-I-All-Octs-Offer_64

26.6527.86

Alc-Acct-OC-I-All-Pack-Offer_64

26.6527.87

Alc-Acct-OC-I-Inpr-Octs-Drop_64

26.6527.88

Alc-Acct-OC-I-Outpr-Octs-Drop_64

26.6527.89

Alc-Acct-OC-I-Inpr-Pack-Drop_64

26.6527.90

Alc-Acct-OC-I-Outpr-Pack-Drop_64

26.6527.91

Alc-Acct-OC-O-Inpr-Pack-Drop_64

26.6527.92

Alc-Acct-OC-O-Outpr-Pack-Drop_64

26.6527.93

Alc-Acct-OC-O-Inpr-Octs-Drop_64

26.6527.94

Alc-Acct-OC-O-Outpr-Octs-Drop_64

26.6527.128

Alc-ATM-Ingress-TD-Profile

26.6527.129

Alc-ATM-Egress-TD-Profile

26.6527.162

Alc-Subscriber-Session-Limit

Attributes not applicable in SR OS lists attributes present in the RADIUS dictionary and are not applicable in the current SR OS release.

Table 11. Attributes not applicable in SR OS
Attribute ID Attribute name

26.6527.142

Alc-APN-Password

26.6527.143

Alc-APN-Name

26.6527.150

Alc-Charging-Prof-ID