HP 5120 SI Series Security Configuration Manual page 38


NOTE:
The server status set by the state command cannot be saved in the configuration file and will be restored
to active every time the server restarts.
To display the states of the servers, use the display radius scheme command.
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the device to determine which users belong to which ISP
domains. However, some earlier RADIUS servers cannot recognize usernames that contain an ISP
domain name. In this case, the device must remove the domain name of each username before sending
the username. You can set the username format on the device for this purpose.
The device periodically sends accounting updates to RADIUS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the device are consistent with those on the RADIUS server.
Follow these steps to set the username format and the traffic statistics units for a RADIUS scheme:
To do: Enter system view
Use the command: system-view

To do: Enter RADIUS scheme view
Use the command: radius scheme radius-scheme-name

To do: Set the format for usernames sent to the RADIUS servers
Use the command: user-name-format { keep-original | with-domain | without-domain }
Remarks: Optional. By default, the ISP domain name is included in the username.

To do: Specify the unit for data flows or packets sent to the RADIUS servers
Use the command: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }*
Remarks: Optional. byte for data flows and one-packet for data packets by default.

NOTE:
If a RADIUS scheme defines that the username is sent without the ISP domain name, do not apply the
RADIUS scheme to more than one ISP domain. Otherwise, users using the same username but in
different ISP domains will be considered the same user.
For level switching authentication, the user-name-format keep-original and user-name-format
without-domain commands produce the same results: they ensure that usernames sent to the RADIUS
server carry no ISP domain name.
Specifying a source IP address for outgoing RADIUS packets
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS
configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving a
RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address of
any managed NAS. If yes, the server processes the packet. If not, the server drops the packet.
Usually, the source address of outgoing RADIUS packets can be the IP address of any NAS interface
that can communicate with the RADIUS server.
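
The NOTE in the username format section warns that a scheme sending usernames without the ISP domain name must not serve more than one ISP domain. The following added example (not from the HP manual) models the three user-name-format options and reports which usernames the RADIUS server could no longer tell apart. The scheme names, domain names and logins are constructed, and the domain-to-scheme mapping is an assumed input rather than parsed device configuration.

```python
# Added example (not from the HP manual). Scheme names, domain names and
# logins below are constructed for illustration.
from collections import defaultdict


def sent_username(entered, domain, fmt):
    """Username carried in the RADIUS request for a user who typed `entered`
    and was placed in ISP domain `domain`, under a given user-name-format."""
    userid = entered.split("@", 1)[0]
    if fmt == "keep-original":
        return entered
    if fmt == "with-domain":
        return f"{userid}@{domain}"
    if fmt == "without-domain":
        return userid
    raise ValueError(f"unknown user-name-format: {fmt}")


def find_collisions(scheme_fmt, domain_scheme, logins):
    """Map (scheme, sent username) -> ISP domains, for every username the
    RADIUS server would receive from more than one ISP domain."""
    seen = defaultdict(set)
    for entered, domain in logins:
        scheme = domain_scheme[domain]
        name = sent_username(entered, domain, scheme_fmt[scheme])
        seen[(scheme, name)].add(domain)
    return {key: sorted(doms) for key, doms in seen.items() if len(doms) > 1}


# Constructed sample: two schemes, each applied to two ISP domains.
SCHEME_FMT = {"rs-legacy": "without-domain", "rs-new": "with-domain"}
DOMAIN_SCHEME = {"isp-a": "rs-legacy", "isp-b": "rs-legacy",
                 "isp-c": "rs-new", "isp-d": "rs-new"}
LOGINS = [("alice@isp-a", "isp-a"), ("alice@isp-b", "isp-b"),
          ("bob@isp-a", "isp-a"),
          ("alice@isp-c", "isp-c"), ("alice@isp-d", "isp-d")]

if __name__ == "__main__":
    hits = find_collisions(SCHEME_FMT, DOMAIN_SCHEME, LOGINS)
    for (scheme, name), domains in hits.items():
        print(f"{scheme}: '{name}' is ambiguous across {', '.join(domains)}")
```

Only the without-domain scheme is flagged: the with-domain scheme serves two domains as well, but the usernames it sends stay distinct.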
