radius-attribute decode-error-policy ignore hw-data-filter
Function
The radius-attribute decode-error-policy ignore hw-data-filter command configures a device to ignore a RADIUS attribute if the device fails to parse this attribute.
The undo radius-attribute decode-error-policy ignore command restores the default configuration.
By default, if a device fails to parse the HW-Data-Filter attribute in RADIUS packets, user authentication, re-authentication, and CoA operations all fail.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
The RADIUS server uses the HW-Data-Filter attribute to deliver dynamic ACL rules that specify forwarding behaviors for users. If a device fails to parse the HW-Data-Filter attribute, the device considers that the users' forwarding behaviors are uncontrollable. If this occurs, by default, the user authentication, re-authentication, and CoA operations all fail. As a result, users are logged out.
If basic access authorities have been configured on a device, and users' forwarding behaviors are still considered controllable even if the device fails to parse the HW-Data-Filter attribute, you can run the radius-attribute decode-error-policy ignore command to allow the device to ignore the HW-Data-Filter attribute. Therefore, the users can still stay online.Configuration Impact
This command takes effect for subsequent login users and for CoA operations of online users.
Before this command is run, if the device fails to parse the HW-Data-Filter attribute, user authentication, re-authentication, and CoA operations all fail. After this command is run, even if the device fails to parse the HW-Data-Filter attribute, the device ignores the HW-Data-Filter attribute and processes users' forwarding behaviors as if no HW-Data-Filter attribute had been delivered.Precautions
In VS mode, this command is supported only by the admin VS.