•
One source RADIUS attribute cannot be converted to multiple destination attributes.
If you do not specify a source RADIUS attribute, the undo attribute convert command deletes all
RADIUS attribute conversion rules.
Examples
# In RADIUS scheme radius1, configure a RADIUS attribute conversion rule to replace the
Hw-Server-String attribute of received RADIUS packets with the H3c-User-Roles attribute.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] attribute convert Hw-Server-String to H3c-User-Roles received
Related commands
attribute translate
display radius scheme
attribute reject (RADIUS DAE server view)
Use attribute reject to configure a RADIUS attribute rejection rule.
Use undo attribute reject to delete RADIUS attribute rejection rules.
Syntax
attribute reject attr-name { { coa-ack | coa-request } * | { received | sent } * }
undo attribute reject [ attr-name ]
Default
No RADIUS attribute rejection rules exist.
Views
RADIUS DAE server view
Predefined user roles
network-admin
Parameters
attr-name: Specifies a RADIUS attribute by its name, a case-insensitive string of 1 to 63 characters.
The attribute must be supported by the system.
coa-ack: Specifies the CoA acknowlegment packets.
coa-request: Specifies the CoA request packets.
received: Specifies the received DAE packets.
sent: Specifies the sent DAE packets.
Usage guidelines
Configure RADIUS attribute rejection rules for the following purposes:
•
Delete attributes from the RADIUS packets to be sent if the destination RADIUS server does
not identify the attributes.
•
Ignore unwanted attributes in the RADIUS packets received from a RADIUS server.
The RADIUS attribute rejection rules take effect only when the RADIUS attribute translation feature
is enabled.
A RADIUS attribute can be rejected only by one criterion, packet type or direction.
57