Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module
741742743744745746747748749750
Source UDP port
Identier
VRF ID
discards the packets, if length of the packet is shorter than the length eld value.
discards the packets, if length of the packet is shorter than 20 or longer than 4096.
discards the packets, if request authenticator does not match the calculated MD5 checksum. NAS calculates the MD5 hash using
following elds from the request:
Code
Identier
Length
16 Zero Octets
Request Attributes
Shared secret (based on the source IP address of the packet)
discards the packets, if the message-authenticator received in the request is invalid. The message-authenticator is calculated using the
following elds:
Code Type
Identier
Length
Request Authenticator
Attributes
Disconnect Message Processing
This section lists various actions that the NAS performs during DM processing.
The following activities are performed by NAS:
responds with DM-Nak, if no matching session is found in NAS for the session identication attributes in DM; Error-Cause value is
“Session Context Not Found” (503).
responds with DM-Nak for any internal processing error in NAS; Error-Cause value is “Resources Unavailable” (506).
ignores attributes that are supported as per RFC but are irrelevant to the DM operation.
responds to a disconnect message containing one or more incorrect attributes values with a Disconnect-NAK; Error-Cause value is
“Invalid Attribute Value” (407).
responds to a disconnect message containing unsupported attributes with DM-Nak; Error-Cause value is “Unsupported Attributes
(401).
NOTE
: Unsupported attributes are the ones that are not mentioned in the RFC 5176 but present in the disconnect
message that is received by the NAS.
rejects the disconnect message containing NAS-IP-Address or NAS-IPV6-Address attribute that does not match NAS with DM-Nak;
Error-Cause value is “NAS Identication Mismatch” (403).
responds with a DM-Nak, if the NAS is congured to prohibit honoring of disconnect messages; Error-Cause value is “Administratively
Prohibited” (501).
Conguring DAC
You can congure trusted dynamic authorization clients (DACs).
This setting enables you to congure more than one DAC. Duplicate congurations are not allowed.
1 Enter the following command to enter dynamic authorization mode:
radius dynamic-auth
2 Enter the following command to congure DAC:
744
Security