No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
radius-server authorization attribute-encode-sameastemplate

radius-server authorization attribute-encode-sameastemplate

Function

The radius-server authorization attribute-encode-sameastemplate command configures a device to encapsulate attributes in the COA or DM Response packet based on the configurations in the RADIUS server template.

The undo radius-server authorization attribute-encode-sameastemplate command restores the default setting.

By default, a device is not configured to encapsulate attributes in the COA or DM Response packet based on the configurations in the RADIUS server template.

Format

radius-server authorization attribute-encode-sameastemplate

undo radius-server authorization attribute-encode-sameastemplate

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The attribute match check function is configured on the RADIUS servers of some vendors. The attribute match check succeeds and the RADIUS server successfully interconnects with a device to implement dynamic authorization or offline operations only when the attribute encapsulation formats in the COA or DM Response packet received by the RADIUS server are the same as those parsed from the RADIUS authentication Response packets. The RADIUS server encapsulates the attributes parsed from the RADIUS Response packet based on the configurations in the RADIUS server template. To ensure that the attribute formats in the COA or DM Response packet are the same as those parsed by the RADIUS server from the RADIUS packet, you can run the radius-server authorization attribute-encode-sameastemplate command to configure the device to encapsulate attributes in the COA or DM Response packet based on the configurations in the RADIUS server template, so that the device is successfully interconnected with the RADIUS server.

Attributes whose encapsulation formats need to be configured in the COA or DM Response packet include Calling-Station-Id (31), NAS-IP-Address (4), and User-Name (1).

Precautions

  • This function is used to configure the encapsulation modes of the Calling-Station-Id (31), NAS-IP-Address (4), and User-Name (1) attributes in the COA or DM Response packet to be the same as those configured in the RADIUS server template. Therefore, perform the following steps before using this function.
    1. Configure the encapsulation modes of attributes in the RADIUS server template view.
    2. Run the radius-server authorization command in the system view to configure the authorization server to use the RADIUS server template server-group.
  • After this function is configured, the priority of the NAS IP address in the NAS-IP-Address (4) attribute is as follows: NAS IP address configured in the RADIUS server template>NAS IP address configured in the system view>source IP address configured on the accounting server>source IP address configured on the authentication server>source IP address configured in the global view>destination IP address of the Request packet
  • If the radius-server authorization attribute-encode-sameastemplate command is not configured, no RADIUS server template is bound to the authorization server, or no attribute format configuration exists in the RADIUS server template, the formats of COA or DM response packets are as follows:
    • MAC address in the Calling-Station-Id (31) attribute: The MAC address is encapsulated in the default format XXXXXXXXXXXX.
    • NAS IP address in the NAS-IP-Address (4) attribute: destination IP address in the Request packet
    • User name in the User-Name (1) attribute: The user name in the Request packet is used.

Example

# Configure the RADIUS authorization server to parse attributes based on the configurations in the RADIUS server template.

<Huawei> system-view
[Huawei] radius-server authorization attribute-encode-sameastemplate
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 206654

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next