FAQ-How to use the converter to translate the attributes of MA5200F radius

Publication Date:  2012-08-12 Views:  136 Downloads:  0
Issue Description
Q: In some cases, it needs to translate RADIUS attribute over different formats at MA5200F, or disable Receive/Transmit an attribute, for which the converter is. How to use the RADIUS attribute converter?

Alarm Information

Handling Process

1. Open the RADIUS converter (attachment attr.rar) first, and then set the name of server group, source attribute, destination attribute and translation direction, etc.

Note: Server group is required to have the same name to that configured for radius server group at MA5200F, which helps determine which attribute sent (received from) to the relevant RADIUS should be translated, and source attribute, destination attribute, as well as the attributes after and before translation. The most common attributes needing translation include  nas-port-id (87) and nas port id(old)(1027), nas port(new)(1026) and  nas-port(5), nas-identifier and nas-id(sim), etc. nas-port-id(87) represents for the new format of No.87 attribute of RADIUS, viz. “slot=x;subslo=xx;port=xx;vlan=xxxx”; nas port id(old)(1027) represents for the old format of No. 87 attribute of RADIUS, viz. “Slot(2-bit)SubSlot(2-bit)Port(3-bit)VlanID(9-bit)"; nas port(new)(1026) represents for the new format of No. attribute of RADIUS, viz. “Slot(8bit)+Subslot(4bit)+Port(8bit)+VlanID(12bit)”(binary, decimal system in actual translation); nas-port(5) represents for the old format of No.5 attribute of RADIUS 5, viz. “Slot(12bit)+Port(8bit)+VlanID(12bit)”(binary, decimal system in actual translation); nas-identifier represents for No. 32 attribute of RADIUS, which is defaulted to Send host name; nas-id(sim) represents that No. 32 RADIUS attribute needs to transmit hot-pot sequence number over WLAN, and if it is translated in Release R007, it transmits the value of portvlan-name.
Translation direction: NAS->RDS means translation for RADIUS packets transmitted, and RDS->NAS for that received.

2. If it is necessary to disable receive/transmit an attribute, it needs to set source attribute, and then select attribute disable and its direction. Like translation, RDS->NAS means to disable an attribute (viz. it does not take effect) when a RADIUS packet is received, and NAS->RDS means to disable the attribute (viz. it is not transmitted) when RADIUS packet is transmitted; 
3. After setting translation or its disable configuration, click right arrow icon in the “Translation List” to add the translation/disable configured to the list;
4. Set the other else RADIUS translation or attributes disabled in turn, which could be performed for multiple RADIUS server group; for the same MA5200F, it needs to add all attributes needing translation in a time, because only one RADIUS attribute translation file could exist onMA5200F;
5. Click “Save” to save RADIUS attribute translation file; notice that the file name cannot be changed, and it must be radius_attr_file.hex;
6. Upload the attribute translation file to MA5200 FLASH:/RADIUS/(it is required); if the directory exists not, please create it;
7. Execute the radius-server attribute translate command to enable radius attribute translation function in the RADIUS server group view of MA5200F; if multiple radius server groups exist, each should be configured with the command then;
8. If the attribute translation file is newly uploaded, it is required to execute refresh radius attribute-file command in system view to refresh the file so as to make it valid. 

Root Cause