No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Verifying the RADIUS Configuration

Verifying the RADIUS Configuration

After configuring a RADIUS server, you can view the server configurations, RADIUS attributes supported by the system, and statistics on RADIUS packets.

Prerequisites

RADIUS server has been configured.

Procedure

  • Run the display radius-server authorization configuration command to check the configuration of the RADIUS authorization server.
  • Run the display radius-server configuration [ group groupname ] command to check the configuration of the RADIUS server group.

    NOTE:
    Configuring the ui-mode type1 command in the system view influences the output format of the display command.

  • Run the display radius-attribute [ name attribute-name | { type { 3gpp | dsl | huawei | microsoft | redback | standard } attribute-number ] command to check the RADIUS attributes supported by the system.
  • Run the display radius-attribute [ server-group server-group-name packet { access-request | access-accept | access-reject | accounting-request | accounting-response | coa-request | coa-ack | coa-nak | dm-request | dm-ack | dm-nak | accounting-on | accounting-off } ] command to check attributes carried in packets sent by the RADIUS server group.
  • Run the display radius-server packet { ip-address | ipv6-address } ip-address [ vpn-instance vpn-instance ] { accounting | authentication | coa | dm } command to check the statistics about the packets on the RADIUS server of a specified IP address.
  • Run the display radius-attribute packet-count command to check the number of times an attribute occurs in a RADIUS packet.
  • Run the display radius-client statistics client-ip client-ip-address [ vpn-instance vpn-instance-name ] command to check statistics about RADIUS packets exchanged between the RADIUS client and proxy.
  • Run the display aaa remote-download acl item [ user-id user-id | classifier classifier-name ] * [ verbose ] command to check information about the traffic classifier-behavior pair in dynamic ACLs delivered by the RADIUS server.
  • Run the display aaa remote-download acl statistics classifier classifier-name [ slot slot-id ] command to check statistics about the traffic classifier-behavior pair in dynamic ACLs delivered by the RADIUS server on a specific board.

Example

Run the display radius-server authorization configuration command to view the configuration of the RADIUS authorization server.
<HUAWEI> display radius-server authorization configuration
  -----------------------------------------------------------------------------
  IP-Address         Secret-key         Group                              Ack-r
Reserved-interval
  -----------------------------------------------------------------------------
  192.168.7.100      huawei             rd1                                20
    Vpn : --
  -----------------------------------------------------------------------------
  1 Radius authorization server(s) in total

Run the display radius-server configuration command, and you can view the configuration of the RADIUS server group.

<HUAWEI> display radius-server configuration
  RADIUS source interface            : LoopBack20                               
  RADIUS no response packet count    : 30                                       
  RADIUS auto recover time(Min)      : 100                                      
  RADIUS authentication source ports :                                          
         IPv4: 1812                                                             
         IPv6: 1812                                                             
  RADIUS accounting source ports     :                                          
         IPv4: 1813                                                             
         IPv6: 1813                                                             
  -------------------------------------------------------                       
  Server-group-name    :  chen                                                  
  Authentication-server:  IP:10.3.4.144 Port:1812 Weight[0] [UP]                 
                          Vpn: -                                                
  Accounting-server    :  IP:10.3.4.144 Port:1814 Weight[0] [UP]                 
                          Vpn: -                                                
  Protocol-version     :  radius        
  Shared-secret-key    :  ******                                                
  Retransmission       :  3                                                     
  Timeout-interval(s)  :  5                                                     
  Acct-Stop-Packet Resend  :  NO                                                
  Acct-Stop-Packet Resend-Times  :  0                                           
  -------------------------------------------------------                       
  Are you sure to display next (y/n)[y]:y                                       
  -------------------------------------------------------                       
  Server-group-name    :  huawei                                                
  Authentication-server:  IP:10.1.1.1 Port:1820 Weight[50] [UP]                 
                          Vpn: -                                                
  Accounting-server    :  IP:10.1.1.1 Port:1823 Weight[0] [UP]                  
                          Vpn: -                                                
  Accounting-server    :  IP:10.1.1.2 Port:20 Weight[20] [UP]                   
                          Vpn: -                                                
                          share-key:  huawei                                    
  Protocol-version     :  radius        
  Shared-secret-key    :  ******                                                
  Retransmission       :  2                                                     
  Timeout-interval(s)  :  8                                                     
  Acct-Stop-Packet Resend  :  YES                                               
  Acct-Stop-Packet Resend-Times  :  100                                         
  -------------------------------------------------------                       
  Total 2,2 printed                                                             

Run the display radius-attribute [ name attribute-name | { type { 3gpp | dsl | huawei | microsoft | redback | standard } attribute-number ]command, and you can view the RADIUS attributes supported by the NE40E of the current version.

<HUAWEI> display radius-attribute type standard 1
 Radius Attribute Type        : 1                                               
 Radius Attribute Name        : User-Name                                       
 Radius Attribute Description : This Attribute indicates the name of the user to
 be authenticated.                                                              
 Supported Packets            : Auth Request, Acct Request, Session Control, COA
 Request, COA Ack                                                               
Run the display radius-attribute server-group server-group-name packet access-request command, and you can view the attributes of Access-Request packets in the RADIUS server group named group 2.
<HUAWEI> display radius-attribute server-group group2 packet access-request
-------------------------------------------------------------------------------
  Radius Packet Type     : Access-Accept
  Attribute Type           Attribute Name                   Translate From
-------------------------------------------------------------------------------
  1                        User-Name
  6                        Service-Type
  7                        Framed-Protocol
  8                        Framed-IP-Address
  9                        Framed-IP-Netmask
  11                       Filter-Id
  12                       Framed-MTU
  14                       Login-IP-Host
  15                       Login-Service
  18                       Reply-Message
  19                       Callback-Number
  22                       Framed-Route
  24                       State
  25                       Class
  27                       Session-Timeout
  28                       Idle-Timeout
  29                       Termination-Action
  62                       Port-Limit
  64                       Tunnel-Type
  65                       Tunnel-Medium-Type
  66                       Tunnel-Client-Endpoint
  67                       Tunnel-Server-Endpoint
  69                       Tunnel-Password
  75                       Password-Retry
  79                       EAP-Message
  80                       Message-Authenticator
  81                       Tunnel-Private-Group-ID
  82                       Tunnel-Assignment-ID
  83                       Tunnel-Preference
  85                       Acct-Interim-Interval
  88                       Framed-Pool
  89                       Chargeable-User-Identity
  90                       Tunnel-Client-Auth-ID
  96                       Framed-Interface-Id
  97                       Framed-IPv6-Prefix
  98                       Login-IPv6-Host
  99                       Framed-IPv6-Route
  100                      Framed-IPv6-Pool
  123                      Delegated-IPv6-Prefix
  135                      Ascend-Client-Primary-Dns
  136                      Ascend-Client-Secondary-Dns
  2011(HUAWEI),1           HW-Input-Committed-Burst-Size
  2011(HUAWEI),2           HW-Input-Committed-Information-Rate
  2011(HUAWEI),3           HW-Input-Peak-Information-Rate
  2011(HUAWEI),4           HW-Output-Committed-Burst-Size
  2011(HUAWEI),5           HW-Output-Committed-Information-Rate
  2011(HUAWEI),6           HW-Output-Peak-Information-Rate
  2011(HUAWEI),15          HW-Remanent-Volume
  2011(HUAWEI),17          HW-Subscriber-QoS-Profile
  2011(HUAWEI),22          HW-Priority
  2011(HUAWEI),27          HW-Portal-URL
  2011(HUAWEI),28          HW-FTP-Directory
  2011(HUAWEI),29          HW-Exec-Privilege
  2011(HUAWEI),30          HW-RADIUS-MP-VT-Number
  2011(HUAWEI),31          HW-QOS-Profile-Name
  2011(HUAWEI),32          HW-SIP-Server
  2011(HUAWEI),35          HW-Renewal-Time
  2011(HUAWEI),36          HW-Rebinding-Time
  2011(HUAWEI),37          HW-IGMP-Enable
  2011(HUAWEI),61          HW-Up-Priority
  2011(HUAWEI),62          HW-Down-Priority
  2011(HUAWEI),63          HW-Tunnel-Vpn-Instance
  2011(HUAWEI),64          HW-Virtual-Template
  2011(HUAWEI),65          HW-User-Date
  2011(HUAWEI),66          HW-User-Class
  2011(HUAWEI),70          HW-PPP-NCP-Type
  2011(HUAWEI),71          HW-VSI-Name
  2011(HUAWEI),72          HW-Subnet-Mask
  2011(HUAWEI),73          HW-Gateway-Address
  2011(HUAWEI),74          HW-Lease-Time
  2011(HUAWEI),75          HW-Ascend-Client-Primary-WINS
  2011(HUAWEI),76          HW-Ascend-Client-Second-WIN
  2011(HUAWEI),77          HW-Input-Peak-Burst-Size
  2011(HUAWEI),78          HW-Output-Peak-Burst-Size
  2011(HUAWEI),79          HW-Reduced-CIR
  2011(HUAWEI),80          HW-Tunnel-Session-Limit
  2011(HUAWEI),82          HW-Data-Filter
  2011(HUAWEI),83          HW-Access-Service
  2011(HUAWEI),85          HW-Portal-Mode
  2011(HUAWEI),87          HW-Policy-Route
  2011(HUAWEI),88          HW-Framed-Pool
  2011(HUAWEI),91          HW-Queue-Profile
  2011(HUAWEI),92          HW-Layer4-Session-Limit
  2011(HUAWEI),93          HW-Multicast-Profile-Name
  2011(HUAWEI),94          HW-VPN-Instance
  2011(HUAWEI),95          HW-Policy-Name
  2011(HUAWEI),96          HW-Tunnel-Group-Name
  2011(HUAWEI),97          HW-Multicast-Source-Group
  2011(HUAWEI),98          HW-Multicast-Receive-Group
  2011(HUAWEI),99          HW-Multicast-Type
  2011(HUAWEI),100         HW-Reduced-PIR
  2011(HUAWEI),135         HW-Client-Primary-DNS
  2011(HUAWEI),136         HW-Client-Secondary-DNS
  2011(HUAWEI),138         HW-Domain-Name
  2011(HUAWEI),140         HW-HTTP-Redirect-URL
  2011(HUAWEI),141         HW-PPP-Local-IP-Address
  2011(HUAWEI),142         HW-Qos-Profile-Type
  2011(HUAWEI),143         HW-Max-List-Num
  2011(HUAWEI),154         HW-DNS-Server-IPv6-Address
  2011(HUAWEI),155         HW-DHCPv4-Option121
  2011(HUAWEI),156         HW-DHCPv4-Option43
  2011(HUAWEI),157         HW-Framed-Pool-Group
  2011(HUAWEI),158         HW-Framed-IPv6-Address
  2011(HUAWEI),160         HW-Nat-Policy-Name
  2011(HUAWEI),164         HW-Nat-Port-Forwarding
  2011(HUAWEI),166         HW-DS-Lite-Tunnel-Name
  2011(HUAWEI),167         HW-PCP-Server-Name
  2011(HUAWEI),182         HW-Down-Qos-Profile-Name
  2011(HUAWEI),183         HW-Port-Mirror
  2011(HUAWEI),191         HW-Delegated-IPv6-Prefix-Pool
  2011(HUAWEI),194         HW-IPv6-Policy-Route
  2011(HUAWEI),253         HW-Web-URL
  311(MICROSOFT),16        MS-MPPE-Send-Key
  311(MICROSOFT),17        MS-MPPE-Recv-Key
  311(MICROSOFT),26        MS-CHAP2-Success
  311(MICROSOFT),28        MS-Primary-DNS-Server
  311(MICROSOFT),29        MS-Secondary-DNS-Server
  2352(RedBack),92         Forward-Policy
  2352(RedBack),106        NPM-Service-Id
  2352(RedBack),107        HTTP-Redirect-Profile-Name
  2352(RedBack),165        HTTP-Redirect-URL
  5535(3GPP2),7            Home-Agent-Address
  5535(3GPP2),81           Removal-Indication
-------------------------------------------------------------------------------

Run the display radius-server packet ip-address ip-address [ vpn-instance ] accounting command, and you can view the statistics about the accounting packets on the RADIUS server of a specified IP address.

<HUAWEI>display radius-server packet ip-address 10.1.1.2 accounting
Total radius server accounting packets: 
  Account Requests   : 1          Account Retransmissions     : 19      
  Account Responses  : 0          Malformed Account Responses : 0      
  Bad Authenticators : 0          Pending Requests            : 0      
  Timeouts           : 20              
   Speed Limit Block : 0          Pending Limit Block         : 0        
   Server Down Block : 0          No Source IP Block          : 0      
   Server Not Reply  : 20              
  Unknown Types      : 0          Packets Dropped             : 0 
Last 30 minutes radius server accounting packets: 
  Account Requests   : 0          Account Retransmissions     : 0      
  Account Responses  : 0          Malformed Account Responses : 0      
  Bad Authenticators : 0          Pending Requests            : 0      
  Timeouts           : 20               
   Speed Limit Block : 0          Pending Limit Block         : 0      
   Server Down Block : 0          No Source IP Block          : 0      
   Server Not Reply  : 20               
  Unknown Types      : 0          Packets Dropped             : 0  
Run the display radius offline-sub-reason [ subcode subcode-number ] command to check the user offline causes mapped to the numbers carried in the Accounting Stop packets sent to the RADIUS server.
<HUAWEI> display radius offline-sub-reason subcode 1
------------------------------------------------------------------------------
Subcode     description of offline sub reason
------------------------------------------------------------------------------
1           User request to offline
------------------------------------------------------------------------------
Run the display radius-client statistics command to view statistics about RADIUS packets exchanged between the RADIUS client and proxy.
<HUAWEI> display radius-client statistics client-ip 10.111.2.20
Authentication packets:
  Access Requests    : 0          Access Accepts     : 0
  Access Challenges  : 0          Access Rejects     : 0
  Bad Authenticators : 0          Packets Dropped    : 0
Accouting packets:
  Account Requests   : 0          Account Responses  : 0
  Bad Authenticators : 0          Packets Dropped    : 0
DM packets:
  Author Requests    : 0          Author Acks        : 0
  Author Naks        : 0
Abnormal Attribute Length packets:
  Access Requests    : 0          Account Requests   : 0
  Author Acks        : 0          Author Naks        : 0
  Corrected Access Requests    : 0
Run the display aaa remote-download acl item [ user-id user-id | classifier classifier-name ] * [ verbose ] command. The command output shows information about the traffic classifier-behavior pair in dynamic ACLs delivered by the RADIUS server.
<HUAWEI> display aaa remote-download acl item
-------------------------------------------------------------------------------                                                     
 ClassifierName                     ReferedNumByUser  RuleNumber   Classifiertype                                              
-------------------------------------------------------------------------------                                                     
 class6                             1             2            remote                                                     
 The used user-id table are :                                                                                                           
  1                                                                                                                                 
-------------------------------------------------------------------------------                                                     
 class5                             1             2            remote                                                      
 The used user-id table are :                                                                                                           
  1                                                                                                                                 
-------------------------------------------------------------------------------                                                     
 Total Classifier-Behavior Number : 2
Run the display aaa remote-download acl statistics classifier classifier-name [ slot slot-id ] command. The command output shows statistics about the traffic classifier-behavior pair in dynamic ACLs delivered by the RADIUS server on a specific board.
<HUAWEI> display aaa remote-download acl statistics classifier c2 slot 1
  -------------------------------------------------------------------------
  Classifier name: c2
  Classifier type: remote
    rule:(number: 1)       
     ipv4;ruleid=5;daaflag;permit;proto=6;dipv4=10.2.3.3/16;su-group=group1;  
     (IPv4, inbound: 0 packets, 0 bytes, outbound: 0 packets, 0 bytes)
Behavior name: b2

deny;
Behavior Type: remote
----------------------------------------------------------------------------
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17153

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next