[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 226: RFC 3576bis and Renumbering

To: "David B. Nelson" <dnelson@elbrysnetworks.com>, <radiusext@ops.ietf.org>
Subject: RE: Issue 226: RFC 3576bis and Renumbering
From: Bernard Aboba <bernard_aboba@hotmail.com>
Date: Tue, 22 May 2007 14:36:32 -0700

> I've never implemented RFC 3576, so please excuse me if I ask silly
> questions. If the RADIUS Server / Dynamic Access Client receives a CoA-NAK,
> in response to a CoA-Request, it means that Service-Type of "Authorize-Only"
> is not supported by the RADIUS Client / Dynamic Access Server, whether not
> the Error-Cause attribute is present?

A CoA-NAK is always sent in response to a CoA-Request with a Service-Type of "Authorize Only" regardless of whether the NAS supports this Service-type value or not. A CoA-ACK is never sent in response.

So only the Error-Cause Attribute distinguishes a successful response from an unsuccessful one. An Error-Cause Attribute is required in the case of a successful response; it was a MAY in RFC 3576 for an unsuccessful one. Given this, a RADIUS server would have to interpret the absence of an Error-Cause attribute in a CoA-NAK as an indication of failure, but it would not know *why* it failed.

> Are there other cases when Error-Cause is absent and it means something
> else?

Where the Service-Type Attribute is not present or the value is not "Authorize Only" it is possible to send a CoA-NAK or Disconnect-NAK and not include an Error-Cause attribute. But in such a case, a CoA-NAK/Disconnect-NAK always indicates a failure.

Prev by Date: RE: Issue 226: RFC 3576bis and Renumbering
Next by Date: RE: Issue 226: RFC 3576bis and Renumbering
Previous by thread: RE: Issue 226: RFC 3576bis and Renumbering
Next by thread: RE: Issue 226: RFC 3576bis and Renumbering
Index(es):
- Date
- Thread