Radius Nas-Ip - HPE FlexNetwork HSR6800 Security Command Reference
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
•
If local authentication, authorization, or accounting is configured as the backup, the device
performs local authentication, authorization, or accounting instead after the RADIUS request
fails. Local accounting is only for monitoring and controlling the number of local user
connections. It does not provide the statistics function that the accounting feature generally
provides.
Examples
# Enable the RADIUS client service.
<Sysname> system-view
[Sysname] radius client enable
radius nas-ip
Use radius nas-ip to specify a source address for outgoing RADIUS packets.
Use undo radius nas-ip to remove the configuration.
Syntax
radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
undo radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
The source IP address of an outgoing RADIUS packet is the IP address of the outbound interface.
Views
System view
Default command level
2: System level
Parameters
ipv4-address: IPv4 address in dotted decimal notation. It must be an address of the device and
cannot be 0.0.0.0, 255.255.255.255, a class D address, or a class E address.
ipv6 ipv6-address: Specifies an IPv6 address. It must be a unicast address of the device and cannot
be a link-local address.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the source IPv4 address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With a
VPN specified, the command specifies a private-network source IPv4 address. With no VPN
specified, the command specifies a public-network source IPv4 address.
Usage guidelines
You can specify up to one public-network source IP address and 15 private-network source IP
addresses. A newly specified public-network source IP address overwrites the previous one. Each
VPN can have only one private-network source IP address. A private-network source IP address
newly specified for a VPN overwrites the previous one.
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS
that is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon
receiving a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is
the IP address of any managed NAS. If it is, the server processes the packet. If it is not, the server
drops the packet.
The setting configured by the nas-ip command in RADIUS scheme view is only for the RADIUS
scheme, whereas that configured by the radius nas-ip command in system view is for all RADIUS
schemes. The setting in RADIUS scheme view takes precedence.
66
Advertisement
Table of Contents
