RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5176, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", January 2008

Note: This RFC has been updated by RFC 8559

Source of RFC: radext (sec)
See Also: RFC 5176 w/ inline errata

Errata ID: 4311
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alan DeKok
Date Reported: 2015-03-23
Verifier Name: Kathleen Moriarty
Date Verified: 2015-07-20

Section 2.3 says:

Section 2.3 says:

      In CoA-Request and Disconnect-Request packets, all attributes MUST
      be treated as mandatory. 

It should say:

In CoA-Request and Disconnect-Request packets, all attributes MUST
be treated as mandatory to understand by the NAS, except Proxy-State
attributes that MUST be treated as opaque data.  See Section 3.1 for a
discussion of how the NAS must handle Proxy-State.

Notes:

This was seen with vendor equipment. CoA proxying was done to the NAS, and the proxy was adding and forwarding Proxy-State as required by Section 3.1. However, the NAS was returning a CoA-NAK with Error-Cause = Unsupported-Attribute.

The issue comes because Proxy-State is called out in Section 3.1 for special handling. However, that special handling isn't called out in Section 2.3. As a result, implementors can get confused.

The RADEXT WG is rechartering with a document to address CoA proxying. We will also be addressing this issue in that document. There are additional attributes which a NAS should ignore, OR which should be filtered out by the proxy closest to the NAS.

The text was slightly updated by the WG from the originally submitted text.

Report New Errata



Advanced Search