RADIUS CoA [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:bras_bng:radius_integration:radius_auth_coa [2024/12/05 15:03] elena.krasnobryzhen:dpi:bras_bng:radius_integration:radius_auth_coa [2025/08/19 14:37] (current) – [RADIUS CoA] elena.krasnobryzh
    Line 2: Line 2:
     {{indexmenu_n>2}} {{indexmenu_n>2}}
     [[https://tools.ietf.org/html/rfc5176|CoA]] - Change of Authorization are notifications from the RADIUS server that the user properties have changed or that the user has become unauthorized. [[https://tools.ietf.org/html/rfc5176|CoA]] - Change of Authorization are notifications from the RADIUS server that the user properties have changed or that the user has become unauthorized.
    - 
    -CoA-Request нотификация говорит о том, что пользователь авторизован и, опционально, у него изменились  
    -некоторые параметры. Таким образом, CoA-Request может приходить в следующих случаях: 
      
     A CoA-Request notification tells you that the user is authorized and, optionally, has some parameters changed. Thus, CoA-Request can appear in the following cases: A CoA-Request notification tells you that the user is authorized and, optionally, has some parameters changed. Thus, CoA-Request can appear in the following cases:
    Line 43: Line 40:
     According to RFC5176, CoA-Request with Service-Type=8 (Authenticate-Only) should be responded with a CoA-NAK response containing the ''Error-Cause=507'' (Request Initiated) attribute. It's not always convenient since some utilities (for example, radclient from the FreeRADIUS package) treat the CoA-NAK response as an error. According to RFC5176, CoA-Request with Service-Type=8 (Authenticate-Only) should be responded with a CoA-NAK response containing the ''Error-Cause=507'' (Request Initiated) attribute. It's not always convenient since some utilities (for example, radclient from the FreeRADIUS package) treat the CoA-NAK response as an error.
     The fastPCRF has a ''coa_reauth_ack'' option that determines how to respond to the CoA-Request with Service-Type=8: The fastPCRF has a ''coa_reauth_ack'' option that determines how to respond to the CoA-Request with Service-Type=8:
    -  * 0 (the default value) - standard behavior: to respond by CoA-NAK with Error-Cause=507 +  * 0  - standard behavior: to respond by CoA-NAK with Error-Cause=507 
    -  * 1 - non-standard behavior: to respond by CoA-ACK+  * 1 (the default value) - to respond by CoA-ACK
      
     This option can be set in the fastpcrf.conf both globally for all RADIUS-servers and specifically for each RADIUS-server: This option can be set in the fastpcrf.conf both globally for all RADIUS-servers and specifically for each RADIUS-server: