vendor-class encrypt

Function

The vendor-class encrypt command encrypts the VENDOR-CLASS(DHCPv4 OPTION60/DHCPv6 OPTION16) field value.

The undo vendor-class encrypt command cancels the configuration.

By default, the VENDOR-CLASS(DHCPv4 OPTION60/DHCPv6 OPTION16) field value is not encrypted.

This command is supported only on the NetEngine 8000 F1A.

Format

vendor-class encrypt

undo vendor-class encrypt

Parameters

None

Views

Service policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bras-control write

Usage Guidelines

Usage Scenario

When a DHCP user accesses the device and sends a packet carrying the VENDOR-CLASS(DHCPv4 OPTION60/DHCPv6 OPTION16) attribute, if the device parses the vendor-class attribute, the parsed contents are considered as domain information about users; if the device fails to parse the vendor-class attribute, you can run the vendor-class encrypt command to send the unparsed contents of the vendor-class attribute in the format of username<VENDOR-CLASS user name server. After parsing name, RADIUS server sends No.138 attribute carrying device. Then, BAS device authorizes to go online by using the delivered domain name.

When service identification based on vendor-class in DHCP packets is configured, the vendor-class attribute value is encrypted. After the vendor-class encrypt command is configured, the device cannot parse the vendor-class attribute into a domain name in the format of username<VENDOR-CLASS name parsing RADIUS server sends device to by using the domain and thus it for another attempt. In this case, information contained in username is never of an actual but a vendor-class string. Users, however, still access original domain.

Before configuring the vendor-class encrypt command, run the service-identify-policy command in the system view to create a service identification policy and then run the service-identify command to configure service identification based on vendor-class in DHCP packets.

The use of this command affects the generation of user names.

The vendor-class encrypt command functions the same as the option60 encrypt command. Both commands are used to encrypt the vendor-class string. If both commands are configured, the latest configuration takes effect.

Prerequisites

Before configuring the vendor-class encrypt command, run the service-identify-policy command in the system view to create a service identification policy and then run the service-identify command to configure service identification based on vendor-class in DHCP packets.

Configuration Impact

The use of this command affects the generation of user names.

The vendor-class encrypt command functions the same as the option60 encrypt command. Both commands are used to encrypt the vendor-class string. If both commands are configured, the latest configuration takes effect.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Encrypt the vendor-class attribute value after service identification based on vendor-class in DHCP packets is configured.
<HUAWEI> system-view
[~HUAWEI] service-identify-policy test
[*HUAWEI-service-identify-policy-test] undo service-identify
[*HUAWEI-service-identify-policy-test] service-identify vendor-class
[*HUAWEI-service-identify-policy-test] vendor-class encrypt
Parent Topic: IPoE Access Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >