No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring RADIUS Proxy Authentication

(Optional) Configuring RADIUS Proxy Authentication


In some cases, user authentication and accounting may be performed on different devices. For example, the AC is responsible for user authentication, whereas the BRAS is responsible for user accounting. To prevent two devices from sending authentication packets to the RADIUS server at the same time, configure the BRAS that performs user accounting as a RADIUS proxy. The RADIUS proxy then records authentication information of users when forwarding RADIUS authentication packets. The BRAS with RADIUS proxy authentication configured transparently transmits RADIUS packets from a specified RADIUS client to the RADIUS server, record authorization information delivered by the RADIUS server, and transparently transmits authentication response packets. If the authentication mode configured in the user domain of the BRAS is radius-proxy, the BRAS can use the recorded authorization information to authorize users.

Currently, RADIUS proxy authentication takes effect for only IPoE users.

Perform the following steps on the NE40E.


  1. Run system-view

    The system view is displayed.

  2. Run radius-client ip-address [ mask { mask-ip | mask-length } ] [ vpn-instance instance-name ] { { shared-key key | shared-key-cipher key-string-cipher } | server-group groupname | roam-domain domain-name | domain-authorization | trigger-web { authentication | accounting | none } } *

    A RADIUS client is configured, including the IP address, VPN instance, shared key, and RADIUS server group.

  3. (Optional) Run radius-client check-attribute-length loose [ correct-forwarding ]

    Loose check or correction of attribute lengths in authentication or accounting request packets is configured.

  4. (Optional) Run radius-client packet dscp dscp-value

    A DSCP value is set for RADIUS packets sent from the BRAS to the AP/AC.

  5. Run commit

    The configuration is committed.

Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17476

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next