Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
Huawei Technologies Proprietary
1-30
Operation Command Description
used by the
switch to send
RADIUS
packets
System view
radius nas-ip ip-address
address is specified; and the IP
address of the outbound
interface is used as the source
IP address.
Caution:
z Generally, the access users are named in the userid@isp-name format. Where,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However, some
old RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names sent to the RADIUS server.
z For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not adopt this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as the
same user (because the usernames sent to it are the same).
z In the default RADIUS scheme "system", no ISP domain names are carried in the
user names by default.
1.4.9 Configuring a Local RADIUS Authentication Server
Table 1-20 Configure local RADIUS authentication server
Operation Command Description
Enter system view
system-view
—
Create a local
RADIUS
authentication
server
local-server nas-ip
ip-address key password
Required
By default, a local RADIUS
authentication server has
already been created, whose
NAS-IP and key are 127.0.0.1
and huawei respectively.
To Next Page
Loading...
