Configuring A Local Radius Authentication Server - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Caution:
Generally, the access users are named in the userid@isp-name format. isp-name
behind the @ character represents the ISP domain name, by which the device
determines which ISP domain it should ascribe the user to. However, some old
RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are to be carried in the user names sent to the RADIUS server.
For a RADIUS scheme, if you have specified that no ISP domain names are to be
carried in the user names, you should not adopt this RADIUS scheme in more than
one ISP domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as the
same user (because the usernames sent to it are the same).
In the default RADIUS scheme system, no ISP domain names are carried in the
usernames by default.

1.4.9 Configuring a Local RADIUS Authentication Server

Table 1-20 Configure local RADIUS authentication server
To do...
Enter system view
Create a local
RADIUS
authentication
server
Use the command...
system-view
local-server nas-ip
ip-address key
password
1-29
Chapter 1 AAA & RADIUS & HWTACACS
Remarks
—
Required
By default, a local RADIUS
authentication server has already
been created, whose NAS-IP is
127.0.0.1
Configuration