Configuring The Local Radius Server - H3C S5100-SI Series Operation Manual

Operation Manual – AAA
H3C S5100-SI/EI Series Ethernet Switches
Note:

Generally, access users are named in the userid@isp-name or userid.isp-name
format. Here, the isp-name after the "@" or "." character represents the ISP domain
name, by which the device determines which ISP domain a user belongs to.
However, some old RADIUS servers cannot accept usernames that carry ISP
domain names. In this case, it is necessary to remove the domain names from
usernames before sending them to the RADIUS server. For this reason, the
user-name-format command lets you specify whether or not ISP domain names are
carried in the usernames sent to the RADIUS server.

For a RADIUS scheme, if you have specified that ISP domain names are removed from
usernames, you should not use this RADIUS scheme in more than one ISP domain.
Otherwise, the following error may occur: the RADIUS server regards two different
users who have the same name but belong to different ISP domains as the same user
(because the usernames sent to it are the same).

In the default RADIUS scheme "system", ISP domain names are removed from
usernames by default.

The purpose of setting the MAC address format of the Calling-Station-Id (Type 31)
field in RADIUS packets is to improve the switch's compatibility with different
RADIUS servers. This setting is necessary when the Calling-Station-Id format that
the RADIUS servers recognize is different from the default MAC address
format on the switch. For details about the field formats recognizable to RADIUS
servers, refer to the corresponding RADIUS server manual.
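
The username collision described in the note above can be checked before a scheme is shared between domains. The following Python sketch is an added example, not part of the H3C manual or the switch software; the user names, ISP domain names, scheme names and function names are all constructed, and it assumes the last delimiter in a username separates the ISP domain.

```python
from collections import defaultdict

def split_username(name, delimiter="@"):
    """Split 'userid<delimiter>isp-name' into (userid, isp_name).

    Assumption: the last delimiter separates the ISP domain; a name with
    no delimiter has no domain part (isp_name is None).
    """
    userid, sep, isp = name.rpartition(delimiter)
    return (userid, isp) if sep else (name, None)

def name_sent(name, strip_domain, delimiter="@"):
    """Username as it reaches the RADIUS server for a given scheme setting."""
    return split_username(name, delimiter)[0] if strip_domain else name

def find_collisions(users, domain_scheme, scheme_strips, delimiter="@"):
    """Return {(scheme, sent_name): [users]} for users the server cannot tell apart.

    domain_scheme: ISP domain -> RADIUS scheme used by that domain
    scheme_strips: RADIUS scheme -> True if ISP domain names are removed
    """
    seen = defaultdict(set)
    for user in users:
        _, isp = split_username(user, delimiter)
        scheme = domain_scheme.get(isp)
        if scheme is None:  # domain not covered by this audit
            continue
        sent = name_sent(user, scheme_strips[scheme], delimiter)
        seen[(scheme, sent)].add(user)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}

# Constructed sample data: two ISP domains share one scheme that strips domains.
USERS = ["alice@isp1", "alice@isp2", "bob@isp1", "alice@isp3"]
DOMAIN_SCHEME = {"isp1": "rad-shared", "isp2": "rad-shared", "isp3": "rad-isp3"}
SCHEME_STRIPS = {"rad-shared": True, "rad-isp3": True}

if __name__ == "__main__":
    hits = find_collisions(USERS, DOMAIN_SCHEME, SCHEME_STRIPS)
    for (scheme, sent), who in hits.items():
        print(f"scheme {scheme}: {who} all reach the server as {sent!r}")
```

A non-empty result means the server would authenticate, authorize and account for distinct users under one identity; either keep the domain in the username for that scheme or give each ISP domain its own scheme.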

2.2.9 Configuring the Local RADIUS Server

In addition to the RADIUS client service, where a separate authentication/authorization
server and accounting server are used for user authentication, the switch provides
the local RADIUS server function (including authentication and authorization).
Follow these steps to configure the local RADIUS server function:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable UDP ports for local RADIUS services | local-server enable | Optional. By default, the UDP ports for local RADIUS services are enabled. |
