Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Disconnect Access-User by...

Disconnect Access-User by Radius Coa/DM

Created: Mar 1, 2021 10:48:45Latest reply: Dec 25, 2021 02:27:12 1528 8 1 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hello everyone!


I'm having a problem disconnecting the subscriber via CoA / DM using the User-Name attribute.

When I use the Acct-Session-Id attribute it works perfectly.

using the User-Name attribute I have the return "Error-Cause = Session-Context-Not-Found"


looking at other documentation I found this option.

https://support.huawei.com/enterprise/en/doc/EDOC1100156634/eb4cae32/radius-server-authorization-match-type


however it doesn't seem to work for my version (command does not exist).

radius-server authorization match-type { any | all }


Does anyone have any idea what the problem would be?


Router: NetEngine 8000 M8

Version: Version 8.200 (NetEngine 8000 V800R012C10SPC300)


User Connected

[~BRAS-TESTE]display access-user item
  ------------------------------------------------------------------------------
  UserID     Username                Interface      IP address       MAC
  ------------------------------------------------------------------------------
  8192       FHTT9538c020@ipoe       Eth-Trunk1.2100  10.66.7.253      000c-2919-9a98
  ------------------------------------------------------------------------------


Command Sucess from Acct-Session-Id:

root@Teste:/# echo "Acct-Session-Id=TESTE002012118000001a599aAAACII" | radclient -x 192.168.201.2:3799 disconnect MySecretKey
Sent Disconnect-Request Id 246 from 0.0.0.0:65333 to 192.168.201.2:3799 length 55
        Acct-Session-Id = "TESTE002012118000001a599aAAACII"
Received Disconnect-ACK Id 246 from 192.168.201.2:3799 to 177.10.144.50:65333 length 75
        Framed-IP-Address = 0.0.0.0
        Acct-Session-Id = "TESTE002012118000001a599aAAACII"
        NAS-Identifier = "TESTE"


Command Fail User-Name:

root@Teste:/# echo "User-Name=FHTT9538c020@ipoe" | radclient -x 192.168.201.2:3799 disconnect MySecretKey
Sent Disconnect-Request Id 143 from 0.0.0.0:64256 to 192.168.201.2:3799 length 39
        User-Name = "FHTT9538c020@ipoe"
Received Disconnect-NAK Id 143 from 192.168.201.2:3799 to 177.10.144.50:64256 length 45
        User-Name = "FHTT9538c020@ipoe"
        Error-Cause = Session-Context-Not-Found
(0) -: Expected Disconnect-ACK got Disconnect-NAK


IPoECoaDMRadiuscut

Like (1) Dislike (0) Favorite(0) Share Report
Previous: i need download eNSP
Next: How to decrypt cipher password for huawei switch
Featured Answers

Recommended answer

(0) (0)
DDSN
Admin Created Mar 3, 2021 08:30:06

Hi user_4139313,
According to your description, the connectivity between devices is normal. In addition, the NE8000 product documentation does not provide detailed information. You are advised to contact the TAC for more information.

View more
  • x
  • convention:
All Answers
(0) (0)
2#
BetterMing
BetterMing Created Mar 1, 2021 10:55:43

Hello, dear.
It's nice to meet you in the community.
We're working on getting the right answer for you. Please rest assured that we'll be back with an answer shortly.
View more
  • x
  • convention:
(1) (0)
3#
DDSN
DDSN Admin Created Mar 1, 2021 12:18:28

Hi user_4139313,

The NE8000 M8 does not support the radius-server authorization match-type command. 

Please try again without "@ipoe".

View more
  • x
  • convention:

user_4139313
user_4139313 Created Mar 1, 2021 13:18:11 (0) (0)
already tried, the result is the same.  
(0) (0)
4#
DDSN
DDSN Admin Created Mar 3, 2021 08:30:06

Hi user_4139313,
According to your description, the connectivity between devices is normal. In addition, the NE8000 product documentation does not provide detailed information. You are advised to contact the TAC for more information.

View more
  • x
  • convention:
(0) (0)
5#
Popeye_Wang
Popeye_Wang Admin Created Mar 4, 2021 02:28:09

Hi,
Maybe the user name generated on the device cannot be accepted by the RADIUS server, you can try to run the radius-attribute apply user-name command to configure the device to replace the original user name with the user name in the RADIUS attribute No.1 delivered by the RADIUS server.
Refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100169782&id=EN-US_CLIREF_0314069278&lang=en

View more
  • x
  • convention:
(0) (0)
6#
user_4139313
user_4139313 Created Mar 9, 2021 05:26:59

unfortunately it didn't work
View more
  • x
  • convention:
(0) (0)
7#
antonioMarcos
antonioMarcos Created Apr 1, 2021 19:09:32

Hello!
I have the same problem with NE8000.
I trying disconnect user with DM Packet informing User-Name and returns "Session-Context-Not-Found",
but using Framed-Ip-Address, disconnect works normally.
View more
  • x
  • convention:
(0) (0)
8#
Annisaa
Annisaa Created Dec 25, 2021 02:27:12

thaks!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.