Hi Harshit,
On 13.01.21, 06:24, "Harshit Jain" hjain@arista.com wrote: > This makes me wonder how CoA Servers will behave if they receive ACK/NAK for some realms they send requests to, but not others (having DynAuthResponse On for some realms, but not others). Haven't looked at the details if the RFC has considered this. I went through the RFC but I don't think the RFC has considered this. I couldn't find any mention of how CoA Servers should behave on receiving a NAK.
Indeed. However, the way I read RFC 8559 a proxy must always respond with a NAK if it can't proxy. Doing this for some realms but not others might confuse a home server. So a per realm DynAuthResponse doesn't make sense to me. If any, this might be a global config.
Regards, Fabian
-- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39