9 configuring local radius authentication server, Configuring local, Radius – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-29

Operation

Command

Description

RADIUS scheme view
nas-ip ip-address

Set the source IP address

of outgoing RADIUS

messages

System view
radius nas-ip
ip-address

Optional
By default, no source IP

address is set; and the IP

address of the

corresponding outbound

interface is used as the

source IP address.

Caution:

z

Generally, the access users are named in the userid@isp-name format. Here,
isp-name

behind the @ character represents the ISP domain name, by which the

device determines which ISP domain a user belongs to. However, some old
RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove domain names from user names before sending
the user names to RADIUS server. For this reason, the user-name-format
command is designed for you to specify whether or not ISP domain names are
carried in the user names to be sent to RADIUS server.

z

For a RADIUS scheme, if you have specified to remove ISP domain names from
user names, you should not use this RADIUS scheme in more than one ISP domain.
Otherwise, such errors may occur: the RADIUS server regards two different users
having the same name but belonging to different ISP domains as the same user
(because the usernames sent to it are the same).

z

In the default RADIUS scheme "system", ISP domain names are removed from user
names by default.

1.4.9 Configuring Local RADIUS Authentication Server

Table 1-20

Configure local RADIUS authentication server

Operation

Command

Description

Enter system view

system-view

—

Enable UDP port for local

RADIUS authentication

server

local-server enable

Optional
By default, the UDP port

for local RADIUS

authentication server is

enabled.