Handling RADIUS Disconnect and CoA Requests
Dynamic Authorization Client (DAC) initiates Disconnect-Request packet through UDP port to terminate the user session(s) on Network Access Server (NAS). It also discards all the associated session contexts.
The NAS responds with a Disconnect-ACK message if the session is identified, removed, and no longer valid. The NAS sends a Disconnect-NAK message if it is unable to disconnect the session.
This feature uses a combination of the following session keys to identify the sessions for termination:
-
3GPP-IMSI + 3GPP-NSAPI
-
ACCT-SESSION-ID
-
CALLED-STATION-ID (DNN) + FRAMED-IP-ADDR
-
CALLED-STATION-ID (DNN) + FRAMED-IPV6-PREFIX
Important | If multiple key combination is provided for the same session, it is accepted. However, if the multiple key combination leads to multiple session contexts or non-existing session context, the behavior is non-deterministic. |
The SMF supports only one session context per Disconnect-Message (DM) request. The SMF supports the following attributes in the DM request to identify the NAS and the user sessions to be terminated.
Attribute | Reference Specification | Encoding Type |
---|---|---|
3GPP-IMSI | 3GPP 29.061 - 16.4.7.2-1 | String |
3GPP-NSAPI |
3GPP 29.061 - 16.4.7.2-10 3GPP 29.561 – 11.3 |
String |
Accounting-Session-Id | RFC2866 | String |
FRAMED-IP | RFC2865 - 5.1 | IPV4 Address |
FRAMED-IPV6-PREFIX |
RFC3162 |
PrefixLen & String |
CALLED-STATION-ID (DNN) |
RFC2865 - 5.30 |
String |
NAS-IP-Address |
RFC2865 – 5.4 (optional) |
String |
NAS-Identifier |
RFC2864 – 5.32 (optional) |
String |
The SMF silently discards other attributes present in the DM request if the packet decoding is successful.
The SMF supports the following attributes in the DM ACK or NAK response.
Attribute | Reference Specification | Encoding Type |
---|---|---|
ERROR-CAUSE | RFC5176 – 3.5 | Integer |
REPLY-MESSAGE | RFC2865 – 5.18 | String |
The RADIUS endpoint (radius-ep) pod supports the following error codes if the Disconnect Request is rejected by radius-ep:
-
402 (Missing Attribute) - Triggered due to invalid key combination
-
403 (NAS Identification Mismatch) - Triggered if NAS-IP attribute in DM request does not match the endpoint COA-NAS VIP-IP or if NAS-Identifier attribute in the request does NAS identifier configuration within RADIUS Dynamic Authorization or CoA configuration
-
407 (Invalid Attribute) - Triggered due to format error, encode error, and so on
-
405 (Unsupported Service) - Triggered if the request is not a disconnect request
-
503 (Session Context Not Found) - Triggered if the session cannot be located
For more information on configuring this feature, see the Configuring the Session Disconnect Feature section.