
Configuring the local radius server – H3C Technologies H3C S3600 Series Switches User Manual

• Generally, access users are named in the userid@isp-name or userid.isp-name format. Here, the isp-name after the "@" or "." character is the ISP domain name, by which the device determines which ISP domain a user belongs to. However, some old RADIUS servers cannot accept usernames that carry ISP domain names. In this case, the domain names must be removed from the usernames before they are sent to the RADIUS server. For this reason, the user-name-format command lets you specify whether or not ISP domain names are carried in the usernames sent to the RADIUS server.

• If you have configured a RADIUS scheme to remove ISP domain names from usernames, do not use that scheme in more than one ISP domain. Otherwise, the RADIUS server may regard two different users who have the same name but belong to different ISP domains as the same user (because the usernames sent to it are the same).

• In the default RADIUS scheme "system", ISP domain names are removed from usernames by default.

• The purpose of setting the MAC address format of the Calling-Station-Id (Type 31) field in RADIUS packets is to improve the switch's compatibility with different RADIUS servers. This setting is necessary when the Calling-Station-Id format that the RADIUS servers recognize differs from the default MAC address format on the switch. For details about the field formats recognizable to RADIUS servers, refer to the corresponding RADIUS server manual.
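The second note above describes an identity collision that can be checked for before a scheme is shared between ISP domains. The following Python script is an added example, not part of the H3C manual: it takes a planned domain-to-scheme mapping and reports users who would reach the same RADIUS scheme under one username. The function names, the sample users, domains and schemes, and the "default" domain used for names without a delimiter are all assumptions made for illustration.

```python
from collections import defaultdict

def split_username(name, delimiter="@", default_domain="default"):
    """Split 'userid@isp-name' (or 'userid.isp-name') at the last delimiter."""
    userid, sep, domain = name.rpartition(delimiter)
    if not sep:                      # no delimiter: no ISP domain carried
        return name, default_domain  # 'default' is a hypothetical placeholder
    return userid, domain

def name_sent_to_radius(name, strip_domain, delimiter="@"):
    """Username as the RADIUS server would receive it for a given scheme."""
    userid, _ = split_username(name, delimiter)
    return userid if strip_domain else name

def find_collisions(users, domain_to_scheme, scheme_strips_domain, delimiter="@"):
    """Return {(scheme, sent_name): [original names]} for colliding users.

    A collision means distinct access users from different ISP domains are
    presented to the same RADIUS scheme under a single username.
    """
    seen = defaultdict(set)
    for name in users:
        _, domain = split_username(name, delimiter)
        scheme = domain_to_scheme.get(domain)
        if scheme is None:
            continue                 # domain not bound to any RADIUS scheme
        sent = name_sent_to_radius(name, scheme_strips_domain[scheme], delimiter)
        seen[(scheme, sent)].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample data (not from the manual).
USERS = ["alice@isp1", "alice@isp2", "bob@isp1", "carol@isp3", "carol@isp4"]
DOMAIN_TO_SCHEME = {"isp1": "shared", "isp2": "shared",
                    "isp3": "full", "isp4": "full"}
SCHEME_STRIPS_DOMAIN = {"shared": True, "full": False}

if __name__ == "__main__":
    for (scheme, sent), names in find_collisions(
            USERS, DOMAIN_TO_SCHEME, SCHEME_STRIPS_DOMAIN).items():
        print(f"scheme {scheme!r}: {names} are all sent as {sent!r}")
```

With the sample data, only the scheme that strips domain names and serves two ISP domains produces a collision; the scheme that keeps the domain suffix does not.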

Configuring the Local RADIUS Server

In addition to the RADIUS client service, in which a separate authentication/authorization server and accounting server are used for user authentication, the switch provides a local RADIUS server function (including authentication and authorization).

Follow these steps to configure the local RADIUS server function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable UDP ports for local RADIUS services | local-server enable | Optional. By default, the UDP ports for local RADIUS services are enabled. |
| Configure the parameters of the local RADIUS server | local-server nas-ip ip-address key password | Required. By default, a local RADIUS server is configured with an NAS IP address of 127.0.0.1. |
