No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the RADIUS CoA or DM Function

Configuring the RADIUS CoA or DM Function

Context

The device supports the RADIUS CoA and DM functions. CoA provides a mechanism to change the rights of online users, and DM provides a mechanism to forcibly disconnect users.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure an authorization server.

    Step

    Command

    Remarks

    Configure a RADIUS authorization server.

    radius-server authorization ip-address { server-group group-name shared-key cipher key-string | shared-key cipher key-string [ server-group group-name ] } [ ack-reserved-interval interval ]

    By default, no RADIUS authorization server is configured.

  3. (Optional) Run authorization-info check-fail policy { online | offline }

    The policy to be enforced after the authorization information check fails is configured.

    By default, the device allows users to go online after the authorization information check fails.

  4. (Optional) Run radius-server session-manage { ip-address shared-key cipher share-key | any }

    Session management is enabled for the RADIUS server.

    By default, session management is disabled for the RADIUS server.

  5. (Optional) Configure the format of a RADIUS attribute to be parsed.

    • Run radius-server authorization calling-station-id decode-mac-format { bin | ascii { unformatted | { dot-split | hyphen-split } [ common | compress ] } }

      The MAC address format in RADIUS attribute 31 (Calling-Station-Id) in RADIUS CoA or DM packets is configured.

      By default, the MAC address format in RADIUS attribute 31 (Calling-Station-Id) in RADIUS CoA or DM packets is xxxxxxxxxxxx, in lowercase.

    • Run radius-server authorization attribute-decode-sameastemplate

      The device is configured to parse the MAC address format in RADIUS attribute 31 (Calling-Station-Id) in RADIUS CoA or DM packets based on RADIUS server template configurations.

      By default, the device is not configured to parse RADIUS attribute 31 in RADIUS CoA or DM packets based on RADIUS server template configurations.

      In a RADIUS server template, the MAC address format in RADIUS attribute 31 (Calling-Station-Id) is configured using the calling-station-id mac-format command.

  6. (Optional) Configure the update mode of user authorization information.

    1. Run aaa

      The AAA view is displayed.

    2. Run authorization-modify mode { modify | overlay }

      The update mode of user authorization information delivered by the authorization server is configured.

      By default, the update mode of user authorization information delivered by the authorization server is overlay.

Verifying the Configuration

Run the display radius-server authorization configuration command to check the RADIUS authorization server configuration.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 53886

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next