49
and user description. After completing this task, the specified RADIUS user can use the username and
password for RADIUS authentication on the switch.
You can use the authorization-attribute command to specify an authorization ACL and authorized VLAN,
which is assigned by the RADIUS server to the RADIUS client (the NAS) after the RADIUS user passes
authentication. The NAS then uses the assigned ACL and VLAN to control user access. If the assigned
ACL does not exist on the NAS, ACL assignment fails and the NAS forcibly logs out the RADIUS user. If
the assigned VLAN does not exist on the NAS, the NAS creates the VLAN and adds the RADIUS user or
the access port to the VLAN.
To configure a RADIUS user:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create a RADIUS user and
enter RADIUS server user
view.
radius-server user user-name No RADIUS user exists by default.
3. Configure a password for the
RADIUS user.
password [ cipher | simple ]
password
Optional.
By default, no password is
specified.
4. Configure the authorization
attribute for the RADIUS user.
authorization-attribute { acl
acl-number | vlan vlan-id } *
Optional.
Not configured by default.
5. Set the expiration time for the
RADIUS user.
expiration-date time
Optional.
By default, no expiration time is
set, and the system does not check
users’ expiration time.
6. Configure a description for
the RADIUS user.
description text
Optional.
Not configured by default.
Specifying a RADIUS client
This task is to specify the IP address of a client to be managed by the RADIUS server and configure the
shared key. The RADIUS server processes only the RADIUS packets sent from the specified clients.
To specify a RADIUS client
Step Command Remarks
1. Enter system view.
system-view N/A
2. Specify a RADIUS client.
radius-server client-ip ip-address [ key
[ cipher | simple ] string ]
No RADIUS client is
specified by default.
NOTE:
• The IP address of a RADIUS client specified on the RADIUS server must be consistent with the source IP
address of outgoing RADIUS packets configured on the RADIUS client.
• The shared key confi
ured on the RADIUS server must be consistent with that confi
ured on the RADIUS
client.
To Next Page
Loading...
Need help?
General
