Configuring The Local Radius Authentication Server Function - H3C S3100 8C SI Operation Manual

Operation Manual – AAA
H3C S3100 Series Ethernet Switches
Operation
Set the MAC address
format of the
Calling-Station-Id
(Type 31) field in
RADIUS packets
Set the source IP
address of outgoing
RADIUS messages
Note:
Generally, the access users are named in the userid@isp-name or userid.isp-name
format. Here, isp-name after the "@" or "." character represents the ISP domain
name, by which the device determines which ISP domain a user belongs to.
However, some old RADIUS servers cannot accept the user names that carry ISP
domain names. In this case, it is necessary to remove domain names from user
names before sending the user names to RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names to be sent to RADIUS server.
For a RADIUS scheme, if you have specified to remove ISP domain names from
user names, you should not use this RADIUS scheme in more than one ISP domain.
Otherwise, such errors may occur: the RADIUS server regards two different users
having the same name but belonging to different ISP domains as the same user
(because the usernames sent to it are the same).
In the default RADIUS scheme "system", ISP domain names are removed from user
names by default.
The purpose of setting the MAC address format of the Calling-Station-Id (Type 31)
field in RADIUS packets is to improve the switch's compatibility with different
RADIUS servers. This setting is necessary when the format of Calling-Station-Id
field recognizable to RADIUS servers is different from the default MAC address
format on the switch. For details about field formats recognizable to RADIUS
servers, refer to the corresponding RADIUS server manual.

2.2.9 Configuring the Local RADIUS Authentication Server Function

The switch provides the local RADIUS server function (including authentication and
authorization), also known as the local RADIUS authentication server function, in
Command
calling-station-id mode
{ mode1 | mode2 }
{ lowercase | uppercase }
RADIUS scheme view
nas-ip ip-address
System view
radius nas-ip ip-address
2-20
Chapter 2 AAA Configuration
Remarks
Optional
By default, the MAC address
format is
XXXX-XXXX-XXXX, in
lowercase.
Optional
By default, no source IP
address is set; and the IP
address of the
corresponding outbound
interface is used as the
source IP address.