radius-attribute set

Function

The radius-attribute set command modifies the RADIUS attributes.

The undo radius-attribute set command restores the default RADIUS attributes.

By default, values of the RADIUS attributes are not modified.

Format

radius-attribute set attribute-name attribute-value [ auth-type mac | user-type ipsession ]

undo radius-attribute set attribute-name

Parameters

Parameter	Description	Value
attribute-name	Specifies the name of the attribute to be modified.	The value is a string of 1 to 64 characters. After the name is entered, the system automatically associates the RADIUS attribute with the name.
attribute-value	Indicates the value of the attribute to be modified.	The value of attribute-value is automatically displayed.
auth-type mac	Sets the user authentication mode to MAC address authentication. Only the Service-Type attribute supports this parameter.	-
user-type ipsession	Specifies the users with user type being IP session. Only the Service-Type attribute supports this parameter.	-

Views

RADIUS server template view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The RADIUS attribute values of different vendors are different. To ensure that Huawei device can successfully communicate with the devices of other vendors, run the radius-attribute set command to modify the RADIUS attribute values.

For example, the Huawei device uses Service-Type value 2 to indicate an authentication request from a common user by default, while a non-Huawei RADIUS server uses Service-Type value 1 to indicate an authentication request from a common user; you can run the radius-attribute set service-type 1 command to change the Service-Type value on the device so that the device can communicate with the RADIUS server.

Precautions

The radius-attribute set command can modify only the RADIUS attributes in the authentication or accounting request packets sent from a device to the RADIUS server, and cannot modify the RADIUS attributes in the packets sent from the RADIUS server to a device.

If you run the display radius-attribute command to check the RADIUS attributes supported by a device and the Auth Req or Acct Req field in the command output displays 1, the RADIUS attributes supported by the device can be carried in the authentication or accounting request packets sent from the device to the RADIUS server.

Among the RADIUS attributes that can be carried in the authentication or accounting packets sent from the device to the RADIUS server, you cannot run the radius-attribute set command to modify the following attributes: User-Password, Agent-Circuit-Id, Agent-Remote-Id, NAS-IP-Address, NAS-IPv6-Address, CHAP-Password, CHAP-Challenge, EAP-Message, Framed-Interface-Id, Framed-IPv6-Prefix, and Message-Authenticator.
The type of the attribute modified by the radius-attribute set command cannot be changed.
If the value of the HW-Output-Committed-Information-Rate attribute is changed to 0, sent packets do not carry this attribute.
During MAC address authentication, the default value of the RADIUS attribute Service-Type is 10. When a fixed user name is used for MAC address authentication, you need to run the radius-attribute set service-type 2 auth-type mac command to set the RADIUS attribute Service-Type to 2.

Example

# Create the template temp1 and set the Service-Type attribute value to 1.

<HUAWEI> system-view
[HUAWEI] radius-server template temp1
[HUAWEI-radius-temp1] radius-attribute set service-type 1