54
Configuring a RADIUS user
This task is to create a RADIUS user and configure a set of attributes for the user on a network
device serving as the RADIUS server. User attributes include the password, authorization attribute,
expiration time, and user description. After configuration, the specified RADIUS user can use the
username and password for RADIUS authentication on the device.
To configure a RADIUS user:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create a RADIUS user and
enter RADIUS server user
view.
radius-server user
user-name
No RADIUS user exists by
default.
3. Configure a password for the
RADIUS user.
password
[
cipher
|
simple
]
password
Optional.
By default, no password is
specified.
4. Configure the authorization
attribute for the RADIUS
user.
authorization-attribute
{
acl
acl-number |
vlan
vlan-id } *
Optional.
Not
configured by default.
5. Set the expiration time for
the RADIUS user.
expiration-date
time
Optional.
By default, no expiration time is
set, and the system does not
check users' expiration time.
6. Configure a description for
the RADIUS user.
description
text
Optional.
Not configured by default.
You can use the authorization-attribute command to specify an authorization ACL and authorized
VLAN, which will be assigned by the RADIUS server to the RADIUS client (the NAS) after the
RADIUS user passes authentication. The NAS then uses the assigned ACL and VLAN to control
user access. If the assigned ACL does not exist on the NAS, ACL assignment will fail and the NAS
will log the RADIUS user out forcibly. If the assigned VLAN does not exist on the NAS, the NAS will
create the VLAN and add the RADIUS user or the access port to the VLAN.
Specifying a RADIUS client
This task is to specify the IP address of a client to be managed by the RADIUS server and configure
the shared key for secure RADIUS communication. The RADIUS server processes RADIUS packets
only from the specified clients.
To specify a RADIUS client:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Specify a RADIUS client.
radius-server
client-ip
ip-address [
key
[
ciper
|
simple
]
string ]
No RADIUS client is specified by
default.
The IP address of a RADIUS client specified on the RADIUS server must be consistent with the
source IP address of outgoing RADIUS packets configured on the RADIUS client.
The shared key configured on the RADIUS server must be consistent with that configured on the
RADIUS client.
To Next Page
Loading...
Need help?
General
