Displaying and maintaining aaa, Configuring radius, Configuring – H3C Technologies H3C S5120 Series Switches User Manual
Page 424: Radius
1-18
access device can obtain the NAS ID by the access VLAN of the user and then send the NAS ID to the
RADIUS server through the NAS-identifier attribute.
Follow these steps to configure a NAS ID-VLAN binding:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a NAS ID profile and
enter NAS ID profile view
aaa nas-id profile
profile-name
Required
Configure a NAS ID-VLAN
binding
nas-id nas-identifier bind vlan
vlan-id
Required
By default, no NAS ID-VLAN
binding exists.
Displaying and Maintaining AAA
To do…
Use the command…
Remarks
Display the configuration information
of a specified ISP domain or all ISP
domains
display domain [ isp-name ]
Available in any view
Display information about specified
or all user connections
display
connection [ access-type
dot1x | domain isp-name | interface
interface-type interface-number | ip
ip-address | mac mac-address |
ucibindex ucib-index | user-name
user-name | vlan vlan-id ]
Available in any view
Display information about specified
or all local users on
display local-user [ idle-cut
{ disable | enable } | service-type
{ ftp | lan-access | ssh | telnet |
terminal } | state { active | block } |
user-name user-name | vlan
vlan-id ]
Available in any view
Display configuration information
about a specified user group or all
user groups
display user-group [ group-name ]
Available in any view
Configuring RADIUS
The RADIUS protocol is configured on a per scheme basis. After creating a RADIUS scheme, you need
to configure the IP addresses and UDP ports of the RADIUS servers for the scheme. The servers
include authentication/authorization servers and accounting servers, or primary servers and secondary
servers. In other words, the attributes of a RADIUS scheme mainly include IP addresses of primary and
secondary servers, shared key, and RADIUS server type.
Actually, the RADIUS protocol configurations only set the parameters necessary for the information
interaction between a NAS and a RADIUS server. For these settings to take effect, you must reference
the RADIUS scheme containing those settings in ISP domain view. For information about the
commands for referencing a scheme, refer to