Configuring radius related attributes, Specifying nas-port-type for an interface, Specifying a nas id profile for an interface – H3C Technologies H3C SecPath F1000-E User Manual

Page 131

121

Specifying the authentication domain for portal users

After you specify the authentication domain for portal users on an interface, the firewall will use the

authentication domain for authentication, authorization, and accounting (AAA) of all portal users on the

interface, ignoring the domain names carried in the usernames. This allows you to specify different
authentication domains for different interfaces as needed.
To specify the authentication domain for portal users on an interface:

Step Command

Remarks

Enter system view.

system-view

N/A

Enter interface view.

interface interface-type
interface-number

N/A

Specify the authentication
domain for portal users on the

interface.

portal domain domain-name

By default, no authentication
domain is specified for portal

users.

NOTE:

The firewall selects the authentication domain for a portal user on an interface in this order: the
authentication domain specified for the interface, the authentication domain carried in the username, and

the system default authentication domain. For information about the default authentication domain, see

"Configuring AAA."

Configuring RADIUS related attributes

Specifying NAS-Port-Type for an interface

NAS-Port-Type is a standard RADIUS attribute for indicating a user access port type. With this attribute

specified on an interface, when a portal user logs on from the interface, the firewall uses the specified

NAS-Port-Type value as that in the RADIUS request to be sent to the RADIUS server. If NAS-Port-Type is not

specified, the firewall uses the access port type obtained.
To specify the NAS-Port-Type value for an interface:

Step Command

Remarks

Enter system view.

system-view

N/A

Enter interface view.

interface interface-type
interface-number

N/A

Specify the NAS-Port-Type
value for the interface.

portal nas-port-type { ethernet |
wireless }

Not configured by default

Specifying a NAS ID profile for an interface

In some networks, users' access points are identified by their access VLANs. Network carriers need to
use NAS-identifiers to identify user access points. With a NAS ID profile specified on an interface, when

a user logs in from the interface, the access device will check the specified profile to obtain the NAS ID

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS