The radius-attribute check command enables the device to check the specified attributes in the received RADIUS Access-Accept packets.
The undo radius-attribute check command stops the device from checking the specified attributes in the received RADIUS Access-Accept packets.
By default, the device does not check whether a RADIUS Access-Accept packet contains the specified attributes.
Parameter | Description | Value |
---|---|---|
attribute-name | Specifies the name of the RADIUS attribute. If this parameter is specified, the RADIUS Access-Accept packets are checked based on attribute names. | The value is a string of 1 to 64 characters. After the name is entered, the system automatically associates the RADIUS attribute with the name. |
Usage Scenario
After the radius-attribute check command is executed, the device checks whether the received RADIUS Access-Accept packets contain the specified attributes. If a packet contains them, the device considers that authentication was successful; if not, the device considers that authentication failed and discards the packet. For example, after the radius-attribute check filter-id command is executed, the device checks the filter-id attribute in the received RADIUS Access-Accept packets. If a RADIUS packet does not contain this attribute, authentication fails.
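The presence check described above can be reproduced offline against a captured Access-Accept to confirm what the RADIUS server actually returns before the command is enabled. This is an added example, not the device's implementation: the function names, the name-to-type table (type numbers from RFC 2865) and the sample packets are assumptions constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)
# Assumed name-to-type table; the device's own name list is not shown on the page.
ATTR_TYPES = {"user-name": 1, "filter-id": 11, "session-timeout": 27}

def parse_attributes(packet: bytes) -> dict:
    """Return {type: [value, ...]}; raise ValueError on a malformed packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def check_access_accept(packet: bytes, required: list) -> bool:
    """True only for a well-formed Access-Accept carrying every required attribute.

    Presence check only: the Response Authenticator is not verified here.
    """
    try:
        attrs = parse_attributes(packet)
    except ValueError:
        return False
    if packet[0] != ACCESS_ACCEPT:
        return False
    return all(ATTR_TYPES[name] in attrs for name in required)

def build_packet(code: int, attrs: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, not a real capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: one Accept with Filter-Id, one without.
timeout = (27, struct.pack("!I", 3600))
with_filter = build_packet(ACCESS_ACCEPT, [(11, b"acl-3001"), timeout])
without_filter = build_packet(ACCESS_ACCEPT, [timeout])

if __name__ == "__main__":
    for label, pkt in (("with filter-id", with_filter), ("without", without_filter)):
        ok = check_access_accept(pkt, ["filter-id"])
        print(label, "->", "accept" if ok else "fail and discard")
```

A server that omits the attribute for some user groups will cause those users to fail authentication once the check is enabled, so run this against an Accept for each policy group first.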
Precautions