The radius-server authorization match-type command configures the method used by a device to perform a match check between the RADIUS attribute in the received COA or DM Request packet and user information on the device.
The undo radius-server authorization match-type command restores the default setting.
By default, a device performs a match check between the RADIUS attribute in the received COA or DM Request packet and user information on the device using the any method, namely, the device performs a match check between a selected attribute in the Request packet and user information on the device.
radius-server authorization match-type { any | all }
undo radius-server authorization match-type
Parameter |
Description |
Value |
|---|---|---|
any |
Indicates that the device performs a match check between a specified attribute and user information on the device. |
- |
| all | Indicates that the device performs a match check between all attributes and user information on the device. |
- |
Usage Scenario
all method: The device performs a match check between all attributes and user information on the device. The device identifies the following RADIUS attributes used by the users: Acct-Session-ID (4), Calling-Station-Id (31), Framed-IP-Address (8), and User-Name (1) The device performs a match check between all the preceding attributes in the Request packet and user information on the device. If all the preceding attributes are successfully matched, the device responds with an ACK packet; otherwise, the device responds with a NAK packet.
Precautions
When the RADIUS attribute translation function is configured in the RADIUS template using the radius-attribute translate command, the match will fail.