
radius-server authorization hw-ext-specific command down-port disable

Function

The radius-server authorization hw-ext-specific command down-port disable command configures the device to ignore the authorization attribute in a CoA packet that indicates that the port is disabled.

The undo radius-server authorization hw-ext-specific command down-port disable command restores the default setting.

By default, the device supports the authorization attribute indicating that the port is disabled in a CoA packet.

Format

radius-server authorization hw-ext-specific command down-port disable

undo radius-server authorization hw-ext-specific command down-port disable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The value of the user-command field in the RADIUS attribute HW-Ext-Specific(26-238) carried in a CoA packet can be:
  • 1: Indicates that user reauthentication will be performed.
  • 2: Indicates that the port where the authorized user resides goes Down intermittently.
  • 3: Indicates that the port where the authorized user resides is disabled.

When the value of the user-command field in a CoA packet sent by the RADIUS server is 3, the port where the authorized user resides is disabled, so users go offline and their network access rights are blocked. To enable the port again, you have to log in to the device and enable it manually. To avoid unintentionally making users go offline, run the radius-server authorization hw-ext-specific command down-port disable command so that the device ignores the authorization attribute in a CoA packet indicating that the port is disabled.
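The following audit helper is an added example, not Huawei code: it parses a captured CoA-Request and reports which user-command values it carries, so that packets asking for a port to go Down or be disabled can be flagged. The vendor ID 2011, the text encoding "user-command=N" of the attribute value, the action labels and the function names are assumptions that do not come from this page; the sample packets are constructed and carry an all-zero authenticator.

```python
import struct

COA_REQUEST = 43         # RADIUS code of a CoA-Request (RFC 5176)
VENDOR_SPECIFIC = 26     # standard attribute type that carries vendor attributes
HUAWEI_VENDOR_ID = 2011  # assumption: vendor ID, not stated on this page
HW_EXT_SPECIFIC = 238    # vendor sub-type from this page (26-238)
# Hypothetical labels for the three values listed on this page.
ACTIONS = {1: "reauthenticate", 2: "port-down-intermittent", 3: "port-disable"}

def user_commands(packet):
    """Return the user-command values in a CoA-Request; [] if absent or malformed."""
    if len(packet) < 20:
        return []
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length < 20 or length > len(packet):
        return []
    found, pos = [], 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            break  # malformed attribute length: stop parsing
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor == HUAWEI_VENDOR_ID and vtype == HW_EXT_SPECIFIC
                    and 2 <= vlen <= len(value) - 4):
                # Assumed encoding of the value: ASCII text "user-command=N".
                text = value[6:4 + vlen].decode("ascii", "replace")
                key, _, val = text.partition("=")
                if key.strip() == "user-command" and val.strip().isdigit():
                    found.append(int(val))
        pos += alen
    return found

def port_affecting(packet):
    """Labels for commands that act on the port itself (values 2 and 3)."""
    return [ACTIONS[c] for c in user_commands(packet) if c in (2, 3)]

def build_sample(command):
    """Constructed CoA-Request for testing; the all-zero authenticator is not valid."""
    data = f"user-command={command}".encode()
    vsa = struct.pack("!IBB", HUAWEI_VENDOR_ID, HW_EXT_SPECIFIC, len(data) + 2) + data
    attr = bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    return struct.pack("!BBH", COA_REQUEST, 1, 20 + len(attr)) + bytes(16) + attr

if __name__ == "__main__":
    for cmd in (1, 2, 3):
        print(cmd, port_affecting(build_sample(cmd)) or "no port action")
```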

Precautions

Pay attention to the following points if the value of the user-command field in the RADIUS attribute HW-Ext-Specific(26-238) carried in a CoA packet sent by the RADIUS server is 2 or 3:
  • Ensure that only one user resides on the authentication port or that the user to be authenticated is directly connected to the authentication port; otherwise, other users on the authentication port will be affected if the port goes Down intermittently or is disabled.
  • Only a physical port, as opposed to an Eth-Trunk, can function as the authentication port.
  • The policy association scenario is not supported.

Example

# Configure the device to ignore the authorization attribute in a CoA packet that indicates that the port is disabled.

<HUAWEI> system-view
[HUAWEI] radius-server authorization hw-ext-specific command down-port disable
Copyright © Huawei Technologies Co., Ltd.