Displaying and maintaining aaa, Configuring radius, Configuring – H3C Technologies H3C S5120 Series Switches User Manual

Page 424: Radius

Advertising
background image

1-18

access device can obtain the NAS ID by the access VLAN of the user and then send the NAS ID to the

RADIUS server through the NAS-identifier attribute.

Follow these steps to configure a NAS ID-VLAN binding:

To do…

Use the command…

Remarks

Enter system view

system-view

Create a NAS ID profile and
enter NAS ID profile view

aaa nas-id profile
profile-name

Required

Configure a NAS ID-VLAN
binding

nas-id nas-identifier bind vlan
vlan-id

Required

By default, no NAS ID-VLAN
binding exists.

Displaying and Maintaining AAA

To do…

Use the command…

Remarks

Display the configuration information
of a specified ISP domain or all ISP
domains

display domain [ isp-name ]

Available in any view

Display information about specified
or all user connections

display

connection [ access-type

dot1x | domain isp-name | interface
interface-type interface-number | ip
ip-address | mac mac-address |
ucibindex ucib-index | user-name
user-name | vlan vlan-id ]

Available in any view

Display information about specified
or all local users on

display local-user [ idle-cut
{ disable | enable } | service-type
{ ftp | lan-access | ssh | telnet |
terminal } | state { active | block } |
user-name user-name | vlan
vlan-id ]

Available in any view

Display configuration information
about a specified user group or all
user groups

display user-group [ group-name ]

Available in any view

Configuring RADIUS

The RADIUS protocol is configured on a per scheme basis. After creating a RADIUS scheme, you need

to configure the IP addresses and UDP ports of the RADIUS servers for the scheme. The servers

include authentication/authorization servers and accounting servers, or primary servers and secondary

servers. In other words, the attributes of a RADIUS scheme mainly include IP addresses of primary and

secondary servers, shared key, and RADIUS server type.

Actually, the RADIUS protocol configurations only set the parameters necessary for the information

interaction between a NAS and a RADIUS server. For these settings to take effect, you must reference

the RADIUS scheme containing those settings in ISP domain view. For information about the

commands for referencing a scheme, refer to

Configuring AAA

.

Advertising
Popular Brands
Popular manuals