Specifying A Server Version For Interoperating With Servers With A Vendor Id Of 2011; Configuring The Radius Attribute Translation Feature - H3C SR8800-F Configuration Manual

Specifying a server version for interoperating with servers
with a vendor ID of 2011
For the device to correctly interpret RADIUS attributes from the servers with a vendor ID of 2011,
specify a server version that is the same as the version of the RADIUS servers.
To specify a server version for interoperating with servers with a vendor ID of 2011:
Step
1. Enter system view.
2. Enter RADIUS scheme
view.
3. Specify a server version
for interoperating
servers with a vendor ID
of 2011.

Configuring the RADIUS attribute translation feature

About RADIUS attribute translation
The RADIUS attribute translation feature enables the device to work correctly with the RADIUS
servers of different vendors that support RADIUS attributes incompatible with the device.
RADIUS attribute translation has the following implementations:
•
Attribute conversion—Converts source RADIUS attributes into destination RADIUS attributes
based on RADIUS attribute conversion rules.
•
Attribute rejection—Rejects RADIUS attributes based on RADIUS attribute rejection rules.
When the RADIUS attribute translation feature is enabled, the device processes RADIUS packets as
follows:
•
For the sent RADIUS packets:
Deletes the rejected attributes from the packets.
Uses the destination RADIUS attributes to replace the attributes that match RADIUS
attribute conversion rules in the packets.
•
For the received RADIUS packets:
Ignores the rejected attributes in the packets.
Interprets the attributes that match RADIUS attribute conversion rules as the destination
RADIUS attributes.
To identify proprietary RADIUS attributes, you can define the attributes as extended RADIUS
attributes, and then convert the extended RADIUS attributes to device-supported attributes.
Restrictions and guidelines for RADIUS attribute translation configuration
Configure either conversion rules or rejection rules for a RADIUS attribute.
Configure either direction-based rules or packet type-based rules for a RADIUS attribute.
For direction-based translation of a RADIUS attribute, you can configure a rule for each direction
(inbound or outbound). For packet type-based translation of a RADIUS attribute, you can configure a
rule for each RADIUS packet type (RADIUS Access-Accept, RADIUS Access-Request, or RADIUS
accounting).
Commands
system-view
radius scheme
radius-scheme-name
with
attribute vendor-id 2011 version
{ 1.0 | 1.1 }
37
Remarks
N/A
N/A
By default, version 1.0 is used.