How to disable radius attributes on NE40E

Publication Date:  2016-06-30 Views:  788 Downloads:  0
Issue Description

By default NE40 sends a lot of radius attributes that you may not need. In order to ease the load of the radius server you may want to disable unused radius attributes. Here below you can find the current configuration of radius.

#
radius-server group radius
radius-server shared-key xxxxx
radius-server authentication x.x.x.x vpn-instance xxxxxxxxxxx 1812 weight 0
radius-server accounting x.x.x.x vpn-instance xxxxxxxxxxxx 1813 weight 0
radius-attribute include hw-dhcp-option 60
radius-attribute disable HW-NAS-Startup-Time-Stamp send
radius-attribute disable HW-IP-Host-Address send
radius-attribute disable HW-Connect-ID send
radius-attribute disable HW-Version send
radius-attribute disable HW-Product-ID send
radius-attribute disable HW-User-Mac send
radius-attribute disable HW-Domain-Name send
#

Alarm Information

We made a packet capture on the radius server and we can see the attributes arriving to the system.

Handling Process
You must enable RADIUS attribute translation before disabling RADIUS attributes.
radius-server group group-name

Run:
radius-server attribute translate
RADIUS attribute translation is enabled.
Run either of the following commands to disable basic or extended RADIUS attributes:
Run the radius-attribute disable attribute-name { receive | send } * command to disable basic RADIUS attributes for request or response packets.

END