RADIUS

Context

RADIUS protects a network from unauthorized access. It is typically used on networks that require high security and control over remote user access.

Procedure

  • Configure a RADIUS server profile.

    • Create a RADIUS server profile.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab, as shown in Figure 1.
        Figure 1 RADIUS configuration

      2. Click Create in RADIUS Server Profile to open the Create RADIUS Server Profile page, as shown in Figure 2.
        Figure 2 Create RADIUS Server Profile page

        Table 1 describes the parameters on the page.
        Table 1 Parameters for creating a RADIUS server profile

        Parameter

        Description

        Profile name

        Name of a RADIUS server profile.

        STA HT Mode
        • Active/Standby mode: When multiple RADIUS authentication or accounting servers are configured, the server with the highest weight becomes the active server, and the other servers are backup servers. Among the backup servers, the servers with a higher weight have a higher priority.
        • Load balancing mode: When multiple RADIUS authentication or accounting servers are configured, user authentication or accounting requests are sent to the servers based on the weight proportion of each server.

        NAS IP address

        NAS-IP-Address attribute of RADIUS packets sent by the device.

        Profile default shared key

        RADIUS shared key.

        NAS Identifier mode

        Encapsulation format of the NAS-Identifier attribute.
        • Device Host Name: Sets the encapsulation format of NAS-Identifier to a user's host name.
        • User VLAN ID: Sets the encapsulation format of NAS-Identifier to a user's VLAN ID.
        • AP MAC: Sets the encapsulation format of NAS-Identifier to the AP's MAC address.

        User name format in packets

        User name format in packets sent from the device to the RADIUS server.

        • Original user name: The device does not modify the user name entered by the user in the packets sent to the RADIUS server.
        • With domain name: The device encapsulates the domain name in the user name when sending RADIUS packets to the RADIUS server.
        • Without domain name: The device does not encapsulate the domain name in the user name when sending RADIUS packets to the RADIUS server.

        MAC address format in Calling-Station-Id

        Encapsulation format of the MAC address in the Calling-Station-ID attribute of RADIUS packets.

        Called-Station-ID format

        Content encapsulated in the Called-Station-ID attribute of RADIUS packets.

        Separator

        Separator before the SSID encapsulated in the Called-Station-ID attribute.

        This parameter is supported only when Containing the SSID is selected.

        MAC address format in Called-Station-Id

        Encapsulation format of the MAC address in the Called-Station-ID attribute of RADIUS packets.

        This parameter is supported only when Called-Station-ID format is set to AP MAC or AC MAC.

      3. On the Create RADIUS Server Profile page, click Create Server. The Create Server Configuration page is displayed, as shown in Figure 3.
        Figure 3 Create Server Configuration page

        Table 2 describes the parameters on the page.
        Table 2 Parameters for creating a server

        Parameter

        Description

        IP address

        IP address of a RADIUS server.

        Shared key

        Shared key of the RADIUS server.

        Server Settings

        The following parameters are valid only when Authentication is selected.

        Port number

        Port number of the authentication server.

        Weight

        Weight of the authentication server.

        Source address of outgoing packets

        Source IP address of the RADIUS authentication server.

        Server Settings

        The following parameters are valid only when Accounting is selected.

        Port number

        Port number of the accounting server.

        Weight

        Weight of the accounting server.

        Source address of outgoing packets

        Source IP address of the accounting server.

      4. Set parameters for the RADIUS server.
      5. Click OK.
    • Modify a RADIUS server profile.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Select a RADIUS server profile in RADIUS Server Profile to open the RADIUS server profile modification page.
      3. Modify the parameters of the RADIUS server profile. Table 1 describes the parameters for modifying a RADIUS server profile.
      4. Click OK.

  • Configure an authorization server.

    • Create an authorization server.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Click Create in Authorization Server to open the Create Authorization Server page, as shown in Figure 4.
        Figure 4 Create Authorization Server page

        Table 3 describes the parameters on the page.
        Table 3 Parameters for creating an authorization server

        Parameter

        Description

        Authorization server IP address

        IP address of an authorization server.

        Profile name

        Name of the created RADIUS server profile.

        Key

        Shared key of the RADIUS authorization server.

      3. Set parameters for the authorization server.
      4. Click OK.
    • Modify an authorization server.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Select the authorization server in Authorization Server.
      3. Modify parameters for the authorization server. Table 3 describes the parameters for modifying an authorization server.
      4. Click OK.
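
What the profile settings in Tables 1 and 2 become on the wire, as an added example that is not Huawei's code: it builds an RFC 2865 Access-Request from a constructed profile and shows how the shared key hides the User-Password attribute. The dictionary key names, the `user@domain` form, the MAC address format and all sample values are assumptions made for illustration.

```python
import hashlib, os, socket, struct

# RFC 2865 attribute type numbers for the fields the profile parameters control
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, CALLED_STATION_ID, CALLING_STATION_ID, NAS_IDENTIFIER = 1, 2, 4, 30, 31, 32
# Constructed sample profile; the key names are hypothetical stand-ins for the Table 1/2 settings
PROFILE = {"shared_key": b"constructed-shared-key", "nas_ip": "192.0.2.10",
           "nas_identifier": "ap-lab-01", "with_domain": True, "separator": ":"}

def xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = res if hiding else data[i:i + 16]  # chain on the ciphertext block
        out += res
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)  # zero-pad to a 16-byte multiple
    return xor_blocks(password.ljust(size, b"\x00"), secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    return xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value  # type, length, value

def build_access_request(profile, user, domain, password, sta_mac, ap_mac, ssid, ident=1):
    authenticator = os.urandom(16)  # Request Authenticator, fresh for every request
    name = f"{user}@{domain}" if profile["with_domain"] else user
    attrs = b"".join([
        attr(USER_NAME, name.encode()),
        attr(USER_PASSWORD, hide_password(password.encode(), profile["shared_key"], authenticator)),
        attr(NAS_IP_ADDRESS, socket.inet_aton(profile["nas_ip"])),
        attr(NAS_IDENTIFIER, profile["nas_identifier"].encode()),
        attr(CALLED_STATION_ID, (ap_mac + profile["separator"] + ssid).encode()),
        attr(CALLING_STATION_ID, sta_mac.encode()),
    ])
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs  # code 1 = Access-Request

def parse_attributes(packet):
    attrs, pos = {}, 20  # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

Only User-Password is protected by the shared key here; the user name, NAS and station identifiers travel in clear text, and a server configured with a different key recovers a wrong password and rejects the request.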

Copyright © Huawei Technologies Co., Ltd.