radius-server calling-station-id disable

Function

The radius-server calling-station-id disable with-llid-fail command disables a device from carrying the Calling-Station-Id attribute in the authentication and accounting packets for the second authentication when the LLID information fails to be obtained (for example, the RADIUS server does not deliver the No. 31 public attribute Calling-Station-Id, a RADIUS Access-Reject packet is received, or the authentication times out).

The undo radius-server calling-station-id disable with-llid-fail command cancels the configuration.

By default, the authentication and accounting packets for the second authentication carry the Calling-Station-Id attribute.

This command is supported only on the NetEngine 8000 F1A.

Format

radius-server calling-station-id disable with-llid-fail

undo radius-server calling-station-id disable with-llid-fail

Parameters

None

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bras-radius write

Usage Guidelines

Usage Scenario

After the radius-server calling-station-id include llid user-type { ppp | lns }* command is run, users will be authenticated twice. If the system fails to obtain the Logical Line ID (LLID) information carried in the Calling-Station-Id attribute of the first authentication accept packets from the RADIUS server, the authentication and accounting packets for the second authentication will carry the No. 31 RADIUS public Calling-Station-Id attribute by default. To disable the device from carrying the Calling-Station-Id attribute in the authentication and accounting packets for the second authentication when the LLID information fails to be obtained, run the radius-server calling-station-id disable with-llid-fail command. This configuration helps identify the users who have failed to obtain the LLID information.

When a device fails to obtain the local loopback ID (LLID) from the RADIUS server, the authentication and accounting packets sent during second authentication by default carry the RADIUS public No. 31 attribute Calling-Station-Id. To filter the users who fail to obtain the LLID, run the radius-server calling-station-id disable with-llid-fail command so that the authentication packets sent during second authentication do not carry the RADIUS public No. 31 attribute Calling-Station-Id when the LLID fails to be obtained.

LLID can be enabled for LNS users when the following conditions are met:

  1. The avp calling-number disable command has been run for the L2TP group of a LAC.
  2. Neither the radius-server calling-station-id lns-default version1 nor radius-server calling-station-id lns-default version1 force command is run for the RADIUS server group (not the authentication server for first LLID authentication) of the LNS.
  3. The radius-attribute include nas-port-id command has been run for the RADIUS server for the first LLID authentication on the LNS.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Disable the device from carrying the Calling-Station-Id attribute in the authentication and accounting packets for the second authentication when the LLID information fails to be obtained.
<HUAWEI> system-view
[~HUAWEI] radius-server group huawei
[~HUAWEI-radius-huawei] radius-server calling-station-id disable with-llid-fail
Parent Topic: AAA and User Management Configuration (Access User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >