diff --git a/tests/hwsim/test_radius.py b/tests/hwsim/test_radius.py
index 6f0716017..e47e3e0fd 100644
--- a/tests/hwsim/test_radius.py
+++ b/tests/hwsim/test_radius.py
@@ -723,6 +723,78 @@ def test_radius_das_disconnect(dev, apdev):
                                       Event_Timestamp=int(time.time()))
     send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, error_cause=503)
 
+def add_message_auth_req(req):
+    req.authenticator = req.CreateAuthenticator()
+    hmac_obj = hmac.new(req.secret)
+    hmac_obj.update(struct.pack("B", req.code))
+    hmac_obj.update(struct.pack("B", req.id))
+
+    # request attributes
+    req.AddAttribute("Message-Authenticator", 16*"\x00")
+    attrs = req._PktEncodeAttributes()
+
+    # Length
+    flen = 4 + 16 + len(attrs)
+    hmac_obj.update(struct.pack(">H", flen))
+    hmac_obj.update(16*"\x00") # all zeros Authenticator in calculation
+    hmac_obj.update(attrs)
+    del req[80]
+    req.AddAttribute("Message-Authenticator", hmac_obj.digest())
+
+def test_radius_das_disconnect_time_window(dev, apdev):
+    """RADIUS Dynamic Authorization Extensions - Disconnect - time window"""
+    try:
+        import pyrad.client
+        import pyrad.packet
+        import pyrad.dictionary
+        import radius_das
+    except ImportError:
+        raise HwsimSkip("No pyrad modules available")
+
+    params = hostapd.wpa2_eap_params(ssid="radius-das")
+    params['radius_das_port'] = "3799"
+    params['radius_das_client'] = "127.0.0.1 secret"
+    params['radius_das_require_event_timestamp'] = "1"
+    params['radius_das_require_message_authenticator'] = "1"
+    params['radius_das_time_window'] = "10"
+    params['own_ip_addr'] = "127.0.0.1"
+    params['nas_identifier'] = "nas.example.com"
+    hapd = hostapd.add_ap(apdev[0], params)
+    connect(dev[0], "radius-das")
+    addr = dev[0].own_addr()
+    sta = hapd.get_sta(addr)
+    id = sta['dot1xAuthSessionId']
+
+    dict = pyrad.dictionary.Dictionary("dictionary.radius")
+
+    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
+                              secret="secret", dict=dict)
+    srv.retries = 1
+    srv.timeout = 1
+
+    logger.info("Disconnect-Request with unsupported attribute")
+    req = radius_das.DisconnectPacket(dict=dict, secret="secret",
+                                      NAS_IP_Address="127.0.0.1",
+                                      NAS_Identifier="nas.example.com",
+                                      Calling_Station_Id=addr,
+                                      Event_Timestamp=int(time.time()) - 50)
+    add_message_auth_req(req)
+    logger.debug(req)
+    try:
+        reply = srv.SendPacket(req)
+        raise Exception("Unexpected response to Disconnect-Request")
+    except pyrad.client.Timeout:
+        logger.info("Disconnect-Request with non-matching Event-Timestamp properly ignored")
+
+    logger.info("Disconnect-Request with unsupported attribute")
+    req = radius_das.DisconnectPacket(dict=dict, secret="secret",
+                                      NAS_IP_Address="127.0.0.1",
+                                      NAS_Identifier="nas.example.com",
+                                      Calling_Station_Id=addr,
+                                      Event_Timestamp=int(time.time()))
+    add_message_auth_req(req)
+    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
+
 def test_radius_das_coa(dev, apdev):
     """RADIUS Dynamic Authorization Extensions - CoA"""
     try: