No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring a RADIUS Authorization Server

(Optional) Configuring a RADIUS Authorization Server

You can configure multiple RADIUS authorization servers to authorize users who use dynamic services.


You need to configure a RADIUS authorization server for a dynamic service so that the RADIUS server can dynamically authorize a user when the user uses the dynamic service.


The NE40E supports Change of Authorization (CoA). Authorization information about online users can be dynamically changed. While maintaining the online status of users, the network administrator can modify the service attributes on the RADIUS server and then send CoA packets to dynamically change the services used by users. This authorization mode is referred to as dynamic authorization.

Perform the following steps on the router:


  1. Run system-view

    The system view is displayed.

  2. Run radius-server authorization ip-address [ vpn-instance instance-name ] { shared-key key | server-group groupname } * [ ack-reserved-interval interval ]

    The global RADIUS authorization server is configured.

    To retain the RADIUS authorization response packet to respond to the retransmitted packets from the RADIUS authorization server, you need to set the period of retaining the authorization response when configuring the RADIUS authorization server.

    If destination-ip dest-ip or destination-port dest-port has been configured, the device checks the destination IP address or port number in the dynamic authorization packets and discards the packets if the destination IP address or port number does not match.

  3. Run radius-server authorization error-reply { version1 | version2 }

    The rule for configuring dynamic authorization response packets sent by the NE40E is executed.

  4. Run radius-server authorization accounting-realtime-packet disable

    The NE40E is disabled from automatically responding with a real-time accounting packet upon receipt of a CoA message delivered by the RADIUS server.

    After this command is run, the NE40E does not automatically respond with a real-time accounting packet upon receipt of a CoA message from the RADIUS server. As a result, the RADIUS server cannot learn the latest user status in a timely manner. To resolve this problem, run the accounting interim interval interval [ second ] [ traffic ] [ hash ] command to set an interval for informing the RADIUS server of the latest user status.

Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17229

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next