vendor-class

Function

The vendor-class command configures the vendor-class (dhcpv4 option60/dhcpv6 option16) attribute and fuzzy or exact match of the domain name information.

The undo vendor-class command cancels the configuration.

By default, the vendor-class attribute carries domain name information, the default matching mode is exact match, and the vendor-class attribute is not encrypted.

This command is supported only on the NetEngine 8000 F1A.

Format

vendor-class [ cn | [ offset offset ] { length length | sub-option sub-option [ sub-offset sub-offset ] [ sub-length sub-length ] } ] { domain-included | included-in-domain } { exact-match | partial-match } [ encrypt ]

undo vendor-class

Parameters

Parameter Description Value
cn

Uses the cn mode for user domain identification.

-
offset offset

Specifies the offset of a vendor-class option. After this parameter is configured, the BRAS identifies a user domain based on the vendor-class option after offset.

The value is an integer ranging from 1 to 254.
length length

Specifies which part of a vendor-class option is used for user domain identification. After this parameter is configured, only the specified part of the vendor-class option is used for domain identification.

The value is an integer ranging from 1 to 254.
sub-option sub-option

Specifies the code of a vendor-class sub-option used for user domain identification.

The value is an integer ranging from 1 to 255.
sub-offset sub-offset

Specifies the offset for a vendor-class sub-option used for user domain identification.

The value is an integer ranging from 1 to 254.
sub-length sub-length

Specifies which part of a vendor-class sub-option is used for user domain identification. After this parameter is configured, only the specified part of the vendor-class sub-option is used for domain identification.

The value is an integer ranging from 1 to 254.
domain-included

Indicates that the vendor-class option contains the domain name.

-
included-in-domain

Indicates that the vendor-class option contains a partial domain name.

-
exact-match

Indicates the content of the vendor-class string complete match.

-
partial-match

Indicates the content of the vendor-class string partial match (complete match is not required).

-
encrypt

Encrypts the domain name in the vendor-class option. After encrypt is configured, the device will send the encrypted option 60 to the AAA server as the user domain name.

-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bras-control write

Usage Guidelines

Usage Scenario

The command can be used to encrypt the client information or send the vendor-class ( dhcpv4 option60/dhcpv6 option16) defined by the device manufacturer to the Radius server.

The cn keyword has the same function as the offset 2 sub-option 31 sub-offset 44 sub-length 4 configuration. If the cn keyword is configured, the RADIUS server uses login information obtained from vendor-class sub-option 31 to parse the user domain (offset, sub-offset, and sub-length determines which part of vendor-class sub-option 31 is used for user domain identification).

With the offset, length, sub-option, sub-offset, and sub-length parameters, a RADIUS server can flexibly obtain information used for user domain parsing.

When the NetEngine 8000 F fails to parse the vendor-class attribute of a DHCP packet, if the domain name in the vendor-class attribute is encrypted, the NetEngine 8000 F sends unparsed contents of the vendor-class attribute in the format of username@vendor-class to the RADIUS server. After parsing the domain name, the RADIUS server sends the No.138 attribute carrying the domain name to the . Then, the NetEngine 8000 F authorizes the user to go online by using the delivered domain name.

If encryption is not configured for the domain name in the vendor-class attribute, the NetEngine 8000 F does not send the vendor-class attribute to the RADIUS server, and the NetEngine 8000 F performs authorization based on the authentication domain.

The dhcp option-60 command has the same function as the vendor-class command. The later configured command overrides the previous one. When running the undo form of the command, you must ensure that the keywords of the two commands are the same. For example, if the dhcp option-60 command is configured, you can run only the undo dhcp option-60 command to delete this command; if the vendor-class command is configured, you can run only the undo vendor-class command to delete this command.

The display dhcp option-60 command displays both dhcp option-60 and vendor-class configurations.

The display vendor-class command displays both dhcp option-60 and vendor-class configurations.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Configure the vendor-class attribute to carry domain name information.
<HUAWEI> system-view
[~HUAWEI] vendor-class domain-included exact-match
Parent Topic: IPoE Access Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >