H3C MSR Series Command Reference Manual page 323
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
To address this issue, you can configure this command to exclude the unsupported attributes from
portal protocol packets sent to the portal authentication server.
You can specify multiple excluded attributes.
Table 41
describes all attributes of the portal protocol.
Table 41 Portal attributes
Name
UserName
PassWord
Challenge
ChapPassWord
TextInfo
UpLinkFlux
DownLinkFlux
Port
IP-Config
BAS-IP
Session-ID
Delay-Time
User-List
EAP-Message
User-Notify
BAS-IPv6
UserIPv6-List
Examples
# Exclude the BAS-IP attribute (number 10) from portal packets sent to MAC binding server 123.
<Sysname> system-view
[Sysname] portal mac-trigger-server 123
Number
Description
1
Name of the user to be authenticated.
2
User password in plaintext form.
3
Random challenge for CHAP authentication.
4
CHAP password encrypted by MD5.
The device uses this attribute to transparently transport prompt
information of a RADIUS server or packet error information to the portal
authentication server.
5
The attribute value can be any string excluding the end character '\0'.
This attribute can exist in any packet from the device to the portal
server. A packet can contain multiple TextInfo attributes. As a best
practice, carry only one TextInfo attribute in a packet.
6
Uplink (output) traffic of the user, an 8-byte unsigned integer, in KB.
7
Downlink (input) traffic of the user, an 8-byte unsigned integer, in KB.
8
Port information, a string excluding the end character '\0'.
This attribute has different meanings in different types of packets.
•
The device uses this attribute in ACK _AUTH (Type=0x04)
packets to notify the portal server that the user requires re-DHCP.
•
The device uses this attribute in ACK_LOGOUT (Type=0x06) and
9
NTF_LOGOUT (Type=0x08) packets to indicate that the current
user IP address must be released. The portal server must notify
the user to release the public IP address through DHCP. The
device will reallocate a private IP address to the user.
IP address of the access device. For re-DHCP portal authentication,
10
the value of this attribute is the public IP address of the access device.
Identification of a portal user. Generally, the value of this attribute is the
11
MAC address of the portal user.
Delay time for sending a packet. This attributes exists in
12
NTF_LOGOUT (Type=0x08) packets.
13
List of IP addresses of an IPv4 portal user.
An EAP attribute that needs to be transported transparently. This
14
attribute is applicable to EAP TLS authentication. Multiple
EAP-Message attributes can exist in a portal authentication packet.
Value of the hw_User_Notify attribute in a RADIUS accounting
15
response. This attribute needs to be transported transparently.
100
IPv6 address of the access device.
101
List of IPv6 addresses of an IPv6 portal user.
300
Advertisement
Table of Contents
