Table: RADIUS CoA Message [101] Error-Cause values provides an overview of the [101] Error-Cause attribute values as defined in RFC 5176 and lists if they are generated in SR OS.
| Code | CoA Error Cause | Description |
SR OS |
|---|---|---|---|
|
201 |
Residual Session Context Removed |
Residual Session Context Removed is sent in response to a Disconnect-Request if one or more user sessions are no longer active, but residual session context was found and successfully removed. This value is only sent within a Disconnect-ACK and must not be sent within a CoA-ACK, Disconnect-NAK, or CoA-NAK. |
|
|
202 |
Invalid EAP Packet (Ignored) |
Invalid EAP Packet (Ignored) is a non-fatal error that must not be sent by implementations of this specification. |
|
|
401 |
Unsupported Attribute |
Unsupported Attribute is a fatal error sent if a Request contains an attribute (such as a Vendor-Specific or EAP-Message Attribute) that is not supported. |
|
|
402 |
Missing Attribute |
Missing Attribute is a fatal error sent if critical attributes (such as NAS or session identification attributes) are missing from a Request. |
✓ |
|
403 |
NAS Identification Mismatch |
NAS Identification Mismatch is a fatal error sent if one or more NAS identification attributes do not match the identity of the NAS receiving the Request. |
✓ |
|
404 |
Invalid Request |
Invalid Request is a fatal error sent if some other aspect of the Request is invalid, such as if one or more attributes (such as EAP-Message Attributes) are not formatted properly. |
✓ |
|
405 |
Unsupported Service |
Unsupported Service is a fatal error sent if a Service-Type Attribute included with the Request is sent with an invalid or unsupported value. This error cannot be sent in response to a Disconnect-Request. |
✓ |
|
406 |
Unsupported Extension |
Unsupported Extension is a fatal error sent because of a lack of support for an extension such as Disconnect and, or CoA packets. This is typically be sent by a proxy receiving an ICMP port unreachable message after attempting to forward a CoA-Request or Disconnect-Request to the NAS. |
|
|
407 |
Invalid Attribute Value |
Invalid Attribute Value is a fatal error sent if a CoA-Request or Disconnect-Request contains an attribute with an unsupported value. |
✓ |
|
501 |
Administratively Prohibited |
Administratively Prohibited is a fatal error sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session. |
✓ |
|
502 |
Request Not Routable (Proxy) |
Request Not Routable is a fatal error that may be sent by a proxy and must not be sent by a NAS. It indicates that the proxy was unable to determine how to route a CoA-Request or Disconnect-Request to the NAS. Example, this can occur if the required entries are not present in the proxy's realm routing table. |
|
|
503 |
Session Context Not Found |
Session Context Not Found is a fatal error sent if the session context identified in the CoA-Request or Disconnect-Request does not exist on the NAS. |
✓ |
|
504 |
Session Context Not Removable |
Session Context Not Removable is a fatal error sent in response to a Disconnect-Request if the NAS was able to locate the session context, but could not remove it for some reason. It must not be sent within a CoA-ACK, CoA-NAK, or Disconnect-ACK, only within a Disconnect-NAK. |
|
|
505 |
Other Proxy Processing Error |
Other Proxy Processing Error is a fatal error sent in response to a CoA or Disconnect-Request that could not be processed by a proxy, for reasons other than routing. |
|
|
506 |
Resources Unavailable |
Resources Unavailable is a fatal error sent when a CoA or Disconnect-Request could not be honored because of a lack of available NAS resources (memory, non-volatile storage, and so on). |
✓ |
|
507 |
Request Initiated |
Request Initiated is a fatal error sent by a NAS in response to a CoA-Request including a Service-Type Attribute with a value of Authorize Only. It indicates that the CoA-Request has not been honored, but that the NAS is sending one or more RADIUS Access-Requests including a Service-Type Attribute with value Authorize Only to the RADIUS server. |
|
|
508 |
Multiple Session Selection Unsupported |
Multiple Session Selection Unsupported is a fatal error sent by a NAS in response to a CoA-Request or Disconnect-Request whose session identification attributes match multiple sessions, where the NAS does not support Requests applying to multiple sessions. |
Table: RADIUS Disconnect Message [101] Error-Cause values for IPsec tunnel lists the possible [101] Error-Cause attribute values generated in the SR OS in response to a Disconnect Message targeting an IPsec tunnel.
| Code | CoA Error Cause | Description |
|---|---|---|
|
404 |
Invalid Request |
A fatal error sent if some other aspect of the Disconnect-Request is invalid, such as multiple tunnel identifications present in the request. |
|
503 |
Session Context Not Found |
A fatal error sent if the tunnel identified in the Disconnect-Request does not exist. |
|
504 |
Session Context Not Removable |
A fatal error sent if all identified tunnels belong to a tunnel group in MC-IPsec standby status. |