2-21
z Generally, the access users are named in the userid@isp-name or userid.isp-name format. Here,
isp-name after the “@” or “.” character represents the ISP domain name, by which the device
determines which ISP domain a user belongs to. However, some old RADIUS servers cannot
accept the user names that carry ISP domain names. In this case, it is necessary to remove
domain names from user names before sending the user names to RADIUS server. For this reason,
the user-name-format command is designed for you to specify whether or not ISP domain names
are carried in the user names to be sent to RADIUS server.
z For a RADIUS scheme, if you have specified to remove ISP domain names from user names, you
should not use this RADIUS scheme in more than one ISP domain. Otherwise, such errors may
occur: the RADIUS server regards two different users having the same name but belonging to
different ISP domains as the same user (because the usernames sent to it are the same).
z In the default RADIUS scheme "system", ISP domain names are removed from user names by
default.
z The purpose of setting the MAC address format of the Calling-Station-Id (Type 31) field in RADIUS
packets is to improve the switch’s compatibility with different RADIUS servers. This setting is
necessary when the format of Calling-Station-Id field recognizable to RADIUS servers is different
from the default MAC address format on the switch. For details about field formats recognizable to
RADIUS servers, refer to the corresponding RADIUS server manual.
Configuring the Local RADIUS Authentication Server Function
The switch provides the local RADIUS server function (including authentication and authorization), also
known as the local RADIUS authentication server function, in addition to RADIUS client service, where
separate authentication/authorization server and the accounting server are used for user
authentication.
Table 2-20 Configure the local RADIUS authentication server function
Operation Command Remarks
Enter system view
system-view
—
Enable UDP port for local
RADIUS authentication server
local-server enable
Optional
By default, the UDP port for local
RADIUS authentication server is
enabled.
Configure the parameters of
the local RADIUS server
local-server nas-ip
ip-address key password
Required
By default, a local RADIUS
authentication server is
configured with an NAS IP
address of 127.0.0.1.
To Next Page
Loading...
Need help?
General