radius-attribute translate extend

Function

The radius-attribute translate extend command performs proprietary RADIUS attribute translation.

The undo radius-attribute translate extend command cancels proprietary RADIUS attribute translation.

By default, proprietary RADIUS attribute translation is not configured.

Format

radius-attribute translate extend src-attr-description dest-attr-description { access-request | access-accept | account } ^*

radius-attribute translate extend src-attr-description vendor-specific src-vendor-id src-sub-attr-id { access-request | account } ^*

radius-attribute translate extend vendor-specific src-vendor-id src-sub-attr-id dest-attr-description access-accept

undo radius-attribute translate extend [ src-attr-description | vendor-specific src-vendor-id src-sub-attr-id ]

Parameters

Parameter	Description	Value
src-attr-description	Specifies the source attribute description. The value can automatically match the attribute names in the attribute dictionary.	The value is a string of 1 to 64 characters.
dest-attr-description	Specifies the destination attribute description. The value can automatically match the attribute names in the attribute dictionary.	The value is a string of 1 to 64 characters.
access-request	Indicates an access-request packet.	-
access-accept	Indicates an access-accept packet.	-
account	Indicates an accounting packet.	-
extend	Indicates an extension attribute.	-
vendor-specific src-vendor-id	Specifies the vendor ID.	The value is an integer of 1 to 4294967295
src-sub-attr-id	Specifies the sub ID.	The value is an integer of 1 to 255

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
radius	write

Usage Guidelines

Usage Scenario

When the device connects to the RADIUS server, the RADIUS attributes supported by the two devices may be different. If the formats of the attributes are the same and only the vendor number and attribute number are different, you can use the attribute conversion to adapt to the differences.

Prerequisites

Before performing RADIUS attribute translation, you need to run the radius-server attribute translate command to enable RADIUS attribute explanation.

Configuration Impact

After the attribute translation function is configured, the device can encapsulate or parse src-attribute by using the format of dest-attribute when transmitting or receiving RADIUS packets. By doing this, the device can communicate with different types of RADIUS servers.

For details about the attributes that can be translated and attribute translation formats, see "RADIUS Attributes" in the Feature Description.

Precautions

For the same source attribute name and destination attribute name, if different packet types (access-accept, access-request, and account) are configured for multiple times, the union set of the packet types is used.
For the same source attribute name, only one destination attribute name can be configured. To configure a new destination attribute name, delete the current destination attribute name first.
After the function to convert attributes is enabled, the converted attributes cannot be modified through flexible interoperation of RADIUS attributes based on the attribute number used before the conversion.
The hw-avpair attribute can be converted into an attribute with a specified supplier ID.
A source RADIUS attribute can be translated only into a destination RADIUS attribute of the same type.

Example

# Translate the hw-avpair attribute in the access-accept packet into the hw-account-info attribute.

<HUAWEI> system-view
Enter system view, return user view with return command.
[~HUAWEI] radius-server group huawei
Info: Create a new server group 
[*HUAWEI-radius-huawei] commit
[~HUAWEI-radius-huawei] radius-attribute translate extend hw-avpair hw-account-info access-request