radius-client check-attribute-length loose
Function
The radius-client check-attribute-length loose command sets the minimum length of attributes allowed in the authentication or accounting request packets received from the AC to 2 bytes (including the T and L values only) in the RADIUS proxy scenario.
The undo radius-client check-attribute-length loose command cancels the setting.
By default, the minimum length of attributes allowed in the authentication or accounting request packets received from the AC is 3 bytes in the RADIUS proxy scenario.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
By default, the minimum length of attributes allowed in the authentication or accounting request packets received from the AC is 3 bytes in the RADIUS proxy scenario. Packets with the attributes in the minimum length of 2 bytes (including the T and L values only) will be discarded. To meet requirements in some special scenarios, run the radius-client check-attribute-length loose command to set the minimum length of attributes allowed in the authentication or accounting request packets received from the AC to 2 bytes (including the T and L values only).
If some RADIUS servers cannot process 2-byte attributes carried in authentication request packets, run the radius-client check-attribute-length loose correct-forwarding command to enable the device to delete 2-byte attributes from authentication request packets received from the AC and modify total packet lengths to ensure proper packet parsing and forwarding.Precautions
In VS mode, this command is supported only by the admin VS.
Example
<HUAWEI> system-view [~HUAWEI] radius-client check-attribute-length loose correct-forwarding
<HUAWEI> system-view [~HUAWEI] radius-client check-attribute-length loose