radius-attribute translate

Function

The radius-attribute translate command performs RADIUS attribute translation.

The undo radius-attribute translate command cancels RADIUS attribute translation.

By default, attributes are not converted, and are encapsulated and decapsulated in default mode.

Format

radius-attribute translate src-attr-description dest-attr-description { receive | send } ^*

radius-attribute translate src-attr-description dest-attr-description { access-request | access-accept | account } ^*

undo radius-attribute translate [ attr-description ]

Parameters

Parameter	Description	Value
src-attr-description	Specifies the source attribute description. The value can automatically match the attribute names in the attribute dictionary.	The value is a string of 1 to 64 characters.
dest-attr-description	Specifies the destination attribute description. The value can automatically match the attribute names in the attribute dictionary.	The value is a string of 1 to 64 characters.
receive	Performs RADIUS attribute translation for the response packet sent from the receiver.	-
send	Performs RADIUS attribute translation for the request packet sent from the sender.	-
access-request	Indicates an access-request packet.	-
access-accept	Indicates an access-accept packet.	-
account	Indicates an accounting packet.	-
attr-description	Attribute name.	The value is a string of 1 to 64 characters.

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
radius	write

Usage Guidelines

Usage Scenario

When the device connects to the RADIUS server, the RADIUS attributes supported by the two devices may be different. If the formats of the attributes are the same and only the vendor number and attribute number are different, you can use the attribute conversion to adapt to the differences.

Prerequisites

Before performing RADIUS attribute translation, you need to run the radius-server attribute translate command to enable RADIUS attribute explanation.

Configuration Impact

After the attribute translation function is configured, thedevice can encapsulate or parse src-attribute by using the format of dest-attribute when transmitting or receiving RADIUS packets. By doing this, thedevice can communicate with different types of RADIUS servers.

For details about the attributes that can be translated and attribute translation formats, see "RADIUS Attributes" in the Feature Description.

Precautions

You can perform RADIUS attribute translation for both the receiver and sender simultaneously.
A source RADIUS attribute can be translated only into a destination RADIUS attribute of the same type.
If you have configured RADIUS attribute translation or disabling for a packet or in a direction, you must delete the original configuration before you reconfigure RADIUS attribute translation.
RADIUS attribute translation takes effect only when specified destination attributes can also be carried in packets and sent to a RADIUS server. The destination attributes specified by src-vendor-id and src-sub-attr-id have no such limitation.
For the same source attribute name and destination attribute name, if different packet types (access-accept, access-request, and account) are configured for multiple times, the union set of the packet types is used.
For the same source attribute name and destination attribute name, if different packet directions (receive and send) are configured for multiple times, the union set of the packet directions is used.
For the same source attribute name, only one destination attribute name can be configured. To configure a new destination attribute name, delete the current destination attribute name first.
After the function to convert attributes is enabled, the converted attributes cannot be modified through flexible interoperation of RADIUS attributes based on the attribute number used before the conversion.
The hw-avpair attribute can be converted into an attribute with a specified supplier ID.

Example

# Translate the NAS-Identifier attribute in the request packet sent from the sender into the NAS-Port-Id attribute.

<HUAWEI> system-view
[~HUAWEI] radius-server group shiva
[*HUAWEI-radius-shiva] radius-attribute translate NAS-Identifier NAS-Port-Id send