Configuring A Local Radius Authentication Server - Huawei Quidway S3100 Series Operation Manual

Operation Manual – AAA&RADIUS
Quidway S3100 Series Ethernet Switches
Operation
Set the source
IP address
used by
switch to send
RADIUS
packets
Caution:
Generally, the access users are named in the userid@isp-name format. Where,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However, some
old RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names sent to the RADIUS server.
For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not adopt this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as the
same user (because the usernames sent to it are the same).
In the default RADIUS scheme "system", no ISP domain names are carried in the
user names by default.

1.5.9 Configuring a Local RADIUS Authentication Server

Table 1-19 Configure local RADIUS authentication server
Operation
Enter system view
Create
RADIUS
authentication
server
Command
RADIUS scheme view
nas-ip ip-address
the
System view
radius nas-ip ip-address
Command
system-view
a local
local-server
ip-address key password
Huawei Technologies Proprietary
Chapter 1 AAA&RADIUS Configuration
Optional
By default, no source IP
address is specified; and the IP
address
interface is used as the source
IP address.
—
Required
By default, a local RADIUS
nas-ip
authentication
already been created, whose
NAS-IP and key are 127.0.0.1
and huawei respectively.
1-25
Description
of the outbound
Description
server has