radius-attribute disable (RADIUS server group view)

Function

The radius-attribute disable command disables a RADIUS attribute.

The undo radius-attribute disable command enables a RADIUS attribute.

By default, RADIUS attributes are enabled.

Format

For NetEngine 8000 F1A, NetEngine 8000 F2A:

radius-attribute disable { attr-description | hw-acct-update-address } { receive | send } *

radius-attribute disable extend attr-description { access-request | access-accept | account } *

radius-attribute disable { attr-description | hw-acct-update-address } { access-request | access-accept | account [ start ] } *

radius-attribute disable { attr-description | hw-acct-update-address } { ip forbid-ip | string forbid-string | bin forbid-bin-value | integer vendor-id } receive

radius-attribute disable extend vendor-specific src-vendor-id src-sub-attr-id access-accept

undo radius-attribute disable [ attr-description | hw-acct-update-address ]

undo radius-attribute disable extend [ attr-description | vendor-specific src-vendor-id src-sub-attr-id ]

undo radius-attribute disable { attr-description | hw-acct-update-address } { ip forbid-ip | string forbid-string | bin forbid-string | integer integer-value } receive

For NetEngine 8000 F1A:

radius-attribute disable { hw-acct-update-address | flow-attributes } integer integer-value account

undo radius-attribute disable [ hw-acct-update-address | flow-attributes ] integer integer-value account

For NetEngine 8000 F1A:

radius-attribute disable attr-description { coa-request | dm-request }

Parameters

| Parameter | Description | Value |
|---|---|---|
| attr-description | Specifies the attribute description and can automatically match the attribute names in the attribute dictionary. | The value is a string of 1 to 64 characters. |
| hw-acct-update-address | Disables the HW-Acct-Update-Address attribute when the attribute value is equal to a certain integer. | Currently, the integer parameter can be set to 0 only. |
| receive | Disables the attribute on the receiver (response packet). | - |
| send | Disables the attribute on the sender (request packet). | - |
| extend | Specifies the extended attribute description. | - |
| access-request | Indicates an access-request packet. | - |
| access-accept | Indicates an access-accept packet. | - |
| account | Indicates an accounting packet. | - |
| start | Disables the Acct-Delay-Time attribute in accounting-start packets. | - |
| ip forbid-ip | Specifies an IP address. | The value is in dotted decimal notation. |
| string forbid-string | Specifies a string. | The value is a string of 1 to 254 characters. |
| bin forbid-bin-value | Specifies a binary number. | The value ranges from 1 to 254 in the binary format. |
| integer integer-value | Specifies an integer. | The value is an integer ranging from 0 to 4294967295. |
| vendor-id | Specifies the vendor ID. | The value is an integer ranging from 1 to 4294967295. |
| vendor-specific src-vendor-id | Specifies the vendor-specific attribute ID. | The value is an integer ranging from 1 to 4294967295. |
| src-sub-attr-id | Specifies the vendor-specific sub-attribute ID. | The value is an integer ranging from 1 to 255. |
| integer-value | Specifies the integer value to forbid. NOTE: This parameter is supported only on the NetEngine 8000 F1A. | The value is 0. |
| flow-attributes | If you specify the flow-attributes parameter, the following RADIUS attributes are all disabled: Acct-Input-Octets, Acct-Output-Octets, Acct-Input-Packets, Acct-Output-Packets, Acct-Input-Gigawords, Acct-Output-Gigawords, HW-Acct-IPV6-Input-Octets, HW-Acct-IPV6-Output-Octets, HW-Acct-IPV6-Input-Packets, HW-Acct-IPV6-Output-Packet, HW-Acct-IPV6-Input-Gigawords, HW-Acct-IPV6-Output-Gigawords. NOTE: This parameter is supported only on the NetEngine 8000 F1A. | Currently, the integer parameter can be set to 0 only. |
| coa-request | Specifies a CoA-Request packet. NOTE: This parameter is supported only on the NetEngine 8000 F1A. | - |
| dm-request | Specifies a DM request packet. NOTE: This parameter is supported only on the NetEngine 8000 F1A. | - |

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| radius | write |

Usage Guidelines

Usage Scenario

The radius-attribute disable command is used in the following scenarios:

  • When the server cannot identify or does not expect some of the attributes carried in the packets sent by the device, run the radius-attribute disable command to stop the device from encapsulating these attributes into the packets.
  • When the device is not expected to receive and apply some of the attributes delivered by the server, run the radius-attribute disable command to stop the device from processing these attributes.

Prerequisites

The radius-server attribute translate command has been run to enable RADIUS attribute translation.

Configuration Impact

After a specified RADIUS attribute is disabled, the attribute is neither encapsulated into packets sent to the server nor processed after it is received by the device.

Precautions

  • If attribute conversion has been configured for attributes carried in a specified type of sent or received packets, you must delete that configuration before you disable the attributes.
  • The radius-attribute disable command applies only to attributes that are sent to the server by default.
  • If a parameter is specified, the attribute matching this parameter is disabled.
  • Attributes carried in both sent and received packets can be disabled.
  • The radius-attribute disable extend command is mutually exclusive with the radius-attribute disable command in the same RADIUS server group.
  • After the function to disable attributes is enabled, the disabled attributes cannot be modified through flexible interoperation of RADIUS attributes.

In VS mode, this command is supported only by the admin VS.

Example

# Disable the Account attribute in the request packet.
<HUAWEI> system-view
[~HUAWEI] radius-server group shiva
[*HUAWEI-radius-shiva] radius-server attribute translate
[*HUAWEI-radius-shiva] radius-attribute disable account send

# Disable the Framed-Route attribute in the request packet.
<HUAWEI> system-view
[~HUAWEI] radius-server group shiva
[*HUAWEI-radius-shiva] radius-server attribute translate
[*HUAWEI-radius-shiva] radius-attribute disable framed-route send

# Disable the Frame-Route attribute in the request packet.
<HUAWEI> system-view
[~HUAWEI] radius-server group shiva
[*HUAWEI-radius-shiva] radius-server attribute translate
[*HUAWEI-radius-shiva] radius-attribute disable frame-route send
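
The prerequisite and precautions above can be checked mechanically when reviewing a saved configuration. The following Python script is an added example, not Huawei code: it flags server groups that disable attributes without radius-server attribute translate, that mix the extend and non-extend forms, or that suppress the accounting counters through flow-attributes. The saved-configuration layout, the group names and the sample configuration are assumptions constructed for illustration.

```python
import re
# Constructed sample; the saved-config layout (group line, indented body) is assumed.
SAMPLE_CONFIG = """\
radius-server group shiva
 radius-server attribute translate
 radius-attribute disable framed-route send
 radius-attribute disable extend framed-route access-request
#
radius-server group billing
 radius-attribute disable flow-attributes integer 0 account
#
radius-server group clean
 radius-server attribute translate
 radius-attribute disable framed-route send
"""

def parse_groups(config):
    """Return {group_name: [command, ...]} for every RADIUS server group."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"radius-server group (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif not raw.startswith(" "):   # "#" or any top-level line ends the view
            current = None
        elif current is not None and line:
            current.append(line)
    return groups

def audit(config):
    """Return a sorted list of (group, finding) tuples."""
    findings = []
    for name, cmds in parse_groups(config).items():
        disables = [c for c in cmds if c.startswith("radius-attribute disable ")]
        if not disables:
            continue
        if "radius-server attribute translate" not in cmds:   # prerequisite
            findings.append((name, "disable without attribute translate"))
        extend = [c for c in disables if c.split()[2] == "extend"]
        if extend and len(extend) != len(disables):            # mutually exclusive forms
            findings.append((name, "extend and non-extend forms mixed"))
        if any(c.split()[2] == "flow-attributes" for c in disables):
            findings.append((name, "accounting flow counters suppressed"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{g}: {f}" for g, f in audit(SAMPLE_CONFIG)), sep="\n")
```

The flow-attributes finding is informational: it marks groups whose accounting records will no longer carry octet and packet counters, which matters when those records feed billing or audit trails.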
Copyright © Huawei Technologies Co., Ltd.