radius-attribute hw-user-password simple coa-request

Function

The radius-attribute hw-user-password simple coa-request command configures the simple password decryption mode for the hw-user-password attribute (Huawei-proprietary attribute 33).

The undo radius-attribute hw-user-password simple coa-request command restores the default configuration.

By default, a RADIUS server determines the password decryption mode based on the first byte of the hw-user-password attribute: If the first byte is 0x00, the PAP mode is used; if the first byte is 0x01, the CHAP mode is used.

This command is supported only on the NetEngine 8000 F1A.

Format

radius-attribute hw-user-password simple coa-request

undo radius-attribute hw-user-password simple coa-request

Parameters

None

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
bras-radius	write

Usage Guidelines

Usage Scenario

If a CoA request message contains both Huawei-proprietary attributes 33 and 34, a re-authentication needs to be performed. If a RADIUS server cannot use the PAP or CHAP mode to decrypt the password in attribute 33 (hw-user-password), run the radius-attribute hw-user-password simple coa-request command to configure the simple password decryption mode for the hw-user-password attribute.

Configuration Impact

After this command is run, a RADIUS server ignores the first byte of the hw-user-password attribute and uses only the simple password decryption mode.

Precautions

In VS mode, this command is supported only by the admin VS.

After this command is run, a password is stored in simple mode in the configuration file, which has a high security risk. Therefore, exercise caution when running this command.

Example

# Configure the simple password decryption mode for the hw-user-password attribute.

<HUAWEI> system-view
[~HUAWEI] radius-server group huawei
[*HUAWEI-radius-huawei] commit
[~HUAWEI-radius-huawei] radius-attribute hw-user-password simple coa-request