Configuring Radius Related Attributes; Specifying Nas-Port-Type For An Interface; Specifying A Nas Id Profile For An Interface - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
The MAC-VLAN entries generated in response to portal authentication failures do not overwrite the
MAC-VLAN entries already generated in other authentication modes.
Configuring RADIUS related attributes
Only Layer 3 portal authentication supports this feature.
Specifying NAS-Port-Type for an interface
NAS-Port-Type is a standard RADIUS attribute for indicating a user access port type. With this attribute
specified on an interface, when a portal user logs on from the interface, the device uses the specified
NAS-Port-Type value as that in the RADIUS request to be sent to the RADIUS server. If NAS-Port-Type is not
specified, the device uses the access port type obtained.
If there are multiple network devices between the Broadband Access Server (BAS, the portal
authentication access device) and a portal client, the BAS may not be able to obtain a user's correct
access port information. For example, for a wireless client using portal authentication, the access port
type obtained by the BAS may be the type of the wired port that authenticates the user. To make sure that
the BAS delivers the right access port information to the RADIUS server, specify the NAS-Port-Type
according to the practical access environment.
To specify the NAS-Port-Type value for an interface:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Specify the NAS-Port-Type
value for the interface.
Specifying a NAS ID profile for an interface
In some networks, users' access points are identified by their access VLANs. Network carriers need to
use NAS-identifiers to identify user access points. With a NAS ID profile specified on an interface, when
a user logs in from the interface, the access device checks the specified profile to obtain the NAS ID that
is bound with the access VLAN. The value of this NAS ID is used as that of the NAS-identifier attribute
in the RADIUS packets to be sent to the RADIUS server.
A NAS ID profile defines the binding relationship between VLANs and NAS IDs. A NAS ID-VLAN
binding is defined by the nas-id id-value bind vlan vlan-id command, which is described in detail in AAA
configuration commands in the Security Command Reference.
If no NAS-ID profile is specified for an interface or no matching binding is found in the specified profile,
the switch uses the device name as the interface NAS ID.
To configure a NAS ID profile for an interface:
Step
1.
Enter system view.
Command
system-view
interface interface-type
interface-number
portal nas-port-type { ethernet |
wireless }
Command
system-view
142
Remarks
N/A
N/A
Not configured by default
Remarks
N/A
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
