Do not apply the RADIUS scheme to more than one ISP domain if you have configured the
user-name-format without-domain command for that RADIUS scheme. Otherwise, users in
different ISP domains are considered the same user if they use the same username.
For level switching authentication, the user-name-format keep-original and user-name-format
without-domain commands produce the same result: they make sure that usernames sent to
the RADIUS server carry no ISP domain name.
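The following audit check is an added example, not part of the original guide. It flags RADIUS schemes that strip the domain name and are referenced by more than one ISP domain, which is the collision described above. The configuration dump layout and the "radius-scheme" references inside domain view are assumptions, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a device configuration dump (not from the guide).
# Assumption: ISP domains reference a scheme with "... radius-scheme <name>" lines.
SAMPLE_CONFIG = """\
radius scheme rad1
 server-type extended
 user-name-format without-domain
#
radius scheme rad2
 user-name-format keep-original
#
domain isp-a
 authentication default radius-scheme rad1
#
domain isp-b
 authentication login radius-scheme rad1
 accounting default radius-scheme rad2
#
domain isp-c
 authentication default radius-scheme rad2
"""

def shared_without_domain_schemes(config: str) -> dict[str, list[str]]:
    """Return {scheme: [domains]} for without-domain schemes used by >1 ISP domain."""
    stripping = set()             # schemes that drop the ISP domain name
    users = defaultdict(set)      # scheme name -> ISP domains referencing it
    view, name = None, None       # configuration view currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # unindented: a new view or a "#" separator
            m = re.fullmatch(r"(radius scheme|domain)\s+(\S+)", line)
            view, name = (m.group(1), m.group(2)) if m else (None, None)
        elif view == "radius scheme" and line == "user-name-format without-domain":
            stripping.add(name)
        elif view == "domain":
            m = re.search(r"\bradius-scheme\s+(\S+)", line)
            if m:
                users[m.group(1)].add(name)
    # Only schemes that both strip the domain and serve several domains are a problem.
    return {s: sorted(users[s]) for s in sorted(stripping) if len(users[s]) > 1}

if __name__ == "__main__":
    for scheme, domains in shared_without_domain_schemes(SAMPLE_CONFIG).items():
        print(f"{scheme}: same username in {', '.join(domains)} is treated as one user")
```

In the sample, rad2 is also shared by two domains but is not reported, because only user-name-format without-domain triggers the restriction stated above.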
Setting the supported RADIUS server type
The supported RADIUS server type determines the type of the RADIUS protocol that the device uses
to communicate with the RADIUS server. It can be standard or extended:
• Standard—Uses the standard RADIUS protocol, compliant with RFC 2865 and RFC 2866 or
later.
• Extended—Uses the proprietary RADIUS protocol (vendor ID 25506).
When the RADIUS server runs on CAMS or IMC, you must set the RADIUS server type to extended.
When the RADIUS server runs third-party RADIUS server software, either RADIUS server type
applies. For the device to function as a RADIUS server to authenticate login users, you must set the
RADIUS server type to standard.
To set the RADIUS server type:
Step                             Command                                Remarks
1. Enter system view.            system-view                            N/A
2. Enter RADIUS scheme view.     radius scheme radius-scheme-name       N/A
3. Set the RADIUS server type.   server-type { extended | standard }    Optional. The default RADIUS server type is standard.
NOTE:
Changing the RADIUS server type restores the units for data flows and for packets sent
to the RADIUS server to their defaults.
Setting the maximum number of RADIUS request transmission attempts
RADIUS uses UDP packets to transfer data. UDP communication is not reliable. To improve
reliability, RADIUS uses a retransmission mechanism. If a NAS sends a RADIUS request to a
RADIUS server but receives no response before the response timeout timer (defined by the timer
response-timeout command) expires, it retransmits the request. If the number of transmission
attempts exceeds the specified limit but it still receives no response, it tries to communicate with
other RADIUS servers in active state. If no other servers are in active state at the time, it considers
the authentication or accounting attempt a failure. For more information about RADIUS server states,
see "Setting the status of RADIUS servers."
The maximum number of transmission attempts of RADIUS packets multiplied by the RADIUS
server response timeout period cannot be greater than 75 seconds. For more information about the
RADIUS server response timeout timer, see "Setting RADIUS timers."
To set the maximum number of RADIUS request transmission attempts for a scheme:
Step                             Command                                Remarks
1. Enter system view.            system-view                            N/A
2. Enter RADIUS scheme view.     radius scheme radius-scheme-name       N/A