(Optional) Configuring RADIUS Attribute Translation

The NetEngine 8000 F can communicate with RADIUS servers from different vendors through the RADIUS attribute translation function.

Context

RADIUS servers from various vendors support different RADIUS attributes, and the vendors also define RADIUS attributes in different manners. This makes interconnection between the NetEngine 8000 F and RADIUS servers more difficult.

To address this problem, the NetEngine 8000 F provides the attribute translation function. After the attribute translation function is configured, the NetEngine 8000 F can encapsulate or parse src-attribute using the format of dest-attribute when transmitting or receiving RADIUS packets. By doing this, the NetEngine 8000 F can communicate with different types of RADIUS servers.

This function is applied when one attribute has multiple formats. For example, the nas-port-id attribute has a new format and an old format. The NetEngine 8000 F uses the new format. If the RADIUS server uses the old format, you can run the radius-attribute translate nas-port-id nas-port-identify-old receive send command on the NetEngine 8000 F.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run radius-server group group-name

    The RADIUS server group view is displayed.

  3. Run radius-server attribute translate

    RADIUS attribute translation is enabled.

  4. Perform one of the following operations to configure RADIUS attribute translation:
    1. Run the radius-attribute translate src-attr-description dest-attr-description { { receive | send } * } command to configure RADIUS attribute translation for request or response packets.
    2. Run the radius-attribute translate src-attr-description dest-attr-description { access-accept | { access-request | account }* } command to configure RADIUS attribute translation for Access-Accept, Access-Request, or accounting packets.
    3. Run the radius-attribute translate extend src-attr-description dest-attr-description { access-accept | { access-request | account} * } command to configure extended RADIUS attribute translation for Access-Request, Access-Accept, or accounting packets.
    4. Run the radius-attribute translate extend src-attr-description vendor-specific src-vendor-id src-sub-attr-id { access-request | account } * command to configure vendor-specific extended RADIUS attribute translation for Access-Request or accounting packets.
    5. Run the radius-attribute translate extend vendor-specific src-vendor-id src-sub-attr-id dest-attr-description access-accept command to configure vendor-specific extended RADIUS attribute translation for Access-Accept packets.
  5. Run commit

    The configuration is committed.

Parent Topic: Configuring RADIUS
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >