H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 266

Advertising
background image

25-14

To do…

Use the command…

Remarks

Set the status of the secondary
RADIUS
authentication/authorization server

state secondary authentication

{ block | active }

Set the status of the secondary
RADIUS accounting server

state secondary accounting

{ block | active }

scheme are in the block state, and
all RADIUS servers in all other
RADIUS schemes are in the block
state.

Configuring the Attributes of Data to be Sent to RADIUS Servers

Follow these steps to configure the attributes of data to be sent to RADIUS servers:

To do…

Use the command…

Remarks

Enter system view

system-view

Create a RADIUS scheme and
enter its view

radius scheme

radius-scheme-name

Required
By default, a RADIUS scheme
named "system" has already been
created in the system.

Set the format of the user names to
be sent to RADIUS server

user-name-format

{ with-domain

| without-domain }

Optional
By default, the user names sent
from the device to RADIUS server
carry ISP domain names.

Set the units of data flows to
RADIUS servers

data-flow-format data

{ byte |

giga-byte

| kilo-byte |

mega-byte

} packet { giga-packet

| kilo-packet | mega- packet |
one-packet

}

Optional
By default, in a RADIUS scheme,
the data unit and packet unit for
outgoing RADIUS flows are byte
and one-packet respectively.

Set the MAC address format of the
Calling-Station-Id (Type 31) field in
RADIUS packets

calling-station-id mode

{ mode1 |

mode2

} { lowercase |

uppercase

}

Optional
By default, the MAC address
format is XXXX-XXXX-XXXX, in
lowercase.

RADIUS scheme view

nas-ip

ip-address

Set the source IP address of
outgoing RADIUS messages

System view

radius nas-ip

ip-address

Optional
By default, no source IP address is
set; and the IP address of the
corresponding outbound interface
is used as the source IP address.

z

Generally, the access users are named in the userid@isp-name or userid.isp-name format. Here,

isp-name

after the “@” or “.” character represents the ISP domain name, by which the device

determines which ISP domain a user belongs to. However, some old RADIUS servers cannot
accept the user names that carry ISP domain names. In this case, it is necessary to remove
domain names from user names before sending the user names to RADIUS server. For this reason,
the user-name-format command is designed for you to specify whether or not ISP domain names
are carried in the user names to be sent to RADIUS server.

Advertising