(Optional) Configuring the NAS-Port Attribute Format

You can configure different formats of the NAS-Port attribute so that the NetEngine 8000 F can communicate with RADIUS servers from different vendors.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run radius-server group group-name

    The RADIUS server group view is displayed.

  3. Run radius-server format-attribute { nas-port format-sting | nas-port-id { vendor { vendor-id [ format-string ] | redback-simple | redback-addition } | version1 | version2 } }

    The format of the NAS-Port attribute and format of the NAS-Port-Id attribute are configured.

    When you configure the format of the NAS-Port-Id attribute:

    • If vendor-id is set to 2352, the NetEngine 8000 F uses the default format of Redback to encapsulate the NAS-Port-Id attribute.

      The encapsulation format is slot/port[vpi-vci vpi vci | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id].

      Format example: 2/5 vlan-id 4 pppoe 8.

      If a logical interface is configured on the user access interface, encapsulate packets on the logical interface. Otherwise, encapsulate packets on the user access interface. pppoe sess-id indicates session ID of a PPPoE user. clips sess-id indicates the CID of DHCP users on the device. For packets that are not tagged with Ethernet user VLAN IDs, the VLAN ID is 0. For QinQ interfaces, evlan and ivlan indicate outer VLAN ID and inner VLAN ID, respectively.

      The logical interface mentioned is the one configured using the nas logic-port command. If you do not want the physical interface of a user to be reported, you can run this command to configure a logical interface for the physical interface.

    • If vendor-id is set to 2636, the NetEngine 8000 F uses the default format of Juniper to encapsulate the NAS-Port-Id attribute.

      The encapsulation format is {fastEthernet|gigabitEthernet} slot/port.subinterface[:vpi.vci |:ivlan]

      Format example: gigabitEthernet 2/5.4:4.

      If vendor-id is set to 2636 and version1 is specified, the NetEngine 8000 F uses the version 1 format of Juniper to encapsulate the NAS-Port-Id attribute.

      The encapsulation format is {FastEthernet|GigabitEthernet} slot/card/port.subinterface[:vpi.vci |:ivlan]

      Format example: GigabitEthernet 2/0/5.4:4

      If the logical interface configured on the user access interface is a non-trunk interface, encapsulate packets on the logical interface.

      If the logical interface is a trunk interface, encapsulate packets on the user access interface. If the user access interface is also a trunk interface, encapsulate packets on the first member interface of the trunk interface.

    • If vendor-id is set to 9, the NetEngine 8000 F uses the default format of Cisco to encapsulate the NAS-Port-Id attribute.

      The encapsulation format is {ethernet|trunk|PW} slot/subslot/port.

      Format example: ethernet 2/0/5.

      If a logical interface is configured on the user access interface, encapsulate packets on the logical interface. Otherwise, encapsulate packets on the user access interface. For Trunk and PW interfaces, the subslot number is 0.

    • If the redback-simple format is specified to encapsulate the NAS-Port-Id attribute, the encapsulation format is slot/port[vpivci vpi vci | vlanid [ivlan:]evlan] [pppoe sess-id | clips sess-id].

      Format example: 2/5 vlanid 4 pppoe 8.

      Different from the Redback format, the redback-simple format does not contain any hyphen (-) in keywords of vpivci or vlanid.

    The default NAS-Port-Id attribute format is determined by the vbas and client-option82 commands.

    • When vbas or client-option82 command is disabled (the default status) on a BAS interface, the following situations may occur:

      • If the vlanpvc-to-username is set to version20 (the default parameter),

        the format of NAS-Port-Id is: slot=xx; subslot=xx; port=xx;{VPI=xx;VCI=xx;|vlanid=xx;|vlanid=xx;vlanid2=xx;}

        Format example: slot=2;subslot=0;port=5;vlanid=4.

        The slot number, subslot number, port number, VPI number, VCI number, outer VLAN ID, and inner VLAN ID are filled with the actual values.

      • If the vlanpvc-to-username is set to version10,

        the format of NAS-Port-Id is: slot=xx;subslot=xx;port=xx;{VPI=xx;VCI=xx;|vlanid=xx;}

        Format example: slot=2;subslot=0;port=5;vlanid=4.

        The slot number, subslot number, port number, VPI number, VCI number, outer VLAN ID, and inner VLAN ID are filled with the actual values. For access users on QinQ interfaces, the inner VLAN ID is filled.

      • If the vlanpvc-to-username is set to turkey,

        the format of NAS-Port-Id is: slot number/port number vlan-id inner VLAN ID:outer VLAN ID.

        Format example: 2/5 vlan-id 4096:4.

        For untagged user packets, the IDs of inner and outer VLANs are both 4096. If the user VLAN only carries a tag, the inner VLAN ID is 4096.

      • If the vlanpvc-to-username is set to standard,

        the format of NAS-Port-Id is: {eth|trunk|PW} slot number/subslot-number/port-number:{vpi.vci| outer VLAN ID.inner VLAN ID} 0/0/0/0/0/0.

        Format example: eth 2/0/5:4096.4 0/0/0/0/0/0.

        The slot number, subslot number, port number, VPI number, VCI number, outer VLAN ID, and inner VLAN ID are filled with the actual values. For trunk interfaces, the subslot number is 0. For untagged user packets, the IDs of inner and outer VLANs are both 4096. If the user packet carries a single tag, the inner VLAN ID is 4096. In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If only pevlan is specified, set the inner VLAN ID to 4096. If only cevlan is specified, set the outer VLAN ID to 4096.

    • The vbas or client-option82 command is configured on the BAS interface.

      • The vlanpvc-to-username is set to version20 (the default parameter) or version10 and the client-option82 basinfo-insert cn-telecom command is not run.

        • User packets carry Option 82 information.

          If VBAS is configured on the BAS interface, the interface returns Option 82 information carried by user packets.

          Format example: mse-108 eth 0/2/0/5:4.

          If the option82-relay-mode command is not configured on the BAS interface, the interface returns the first TLV value of user Option 82 information with two offset bytes.

          For example, if the user Option 82 information is abc, return c.

          If the option82-relay-mode command is configured on the BAS interface, the interface returns the required information based on the configured formats. For details, see the output information of the option82-relay-mode include command.

        • If user packets do not carry Option 82 information,

          the format of NAS-Port-Id is: hostname {eth} 0/slot-number/subslot-number/port-number:{vpi.vci|vlan| outer-VLAN.inner-VLAN}.

          Format example: MSE-108 eth 0/2/0/5:0.

          The host name configured using the nas logic-sysname command in the BAS interface view is preferentially used. If no host name is configured on the BAS interface, the default host name is used. For untagged user packets, the IDs of inner and outer VLANs are both 0. If the user packet carries only a single tag, the inner VLAN ID is 0, indicating that the inner VLAN is not displayed.

      • If vlanpvc-to-username to set to turkey and the client-option82 basinfo-insert cn-telecom command is not run,

        the format of NAS-Port-Id is: slot number/port number vlan-id inner VLAN ID:outer VLAN ID.

        Format example: 2/5 vlan-id 4096:4.

        For untagged user packets, the IDs of inner and outer VLANs are both 4096. If the user VLAN only carries a tag, the inner VLAN ID is 4096.

      • If vlanpvc-to-username is set to standard and the client-option82 basinfo-insert cn-telecom command is run,

        the format of NAS-Port-Id is: {eth|trunk|PW} slot number/subslot-number/port-number:{vpi.vci|outer VLAN ID.inner VLAN ID} information carried by the client.

        The slot number, subslot number, port number, VPI number, VCI number, outer VLAN ID, and inner VLAN ID are filled with the actual values. For trunk interfaces, the slot number is 0. For untagged user packets, the IDs of inner and outer VLANs are both 4096. If the user VLAN only carries a tag, the inner VLAN ID is 4096. For PW interfaces, the subslot number is 0. In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If pevlan is specified, set the inner VLAN ID to 4096. If cevlan is specified, set the outer VLAN ID to 4096.

        • User packets carry Option 82 information.

          If the vbas command is configured on the BAS interface, parse the complete Option 82 information carried by user packets. Otherwise, parse Option 82 information with two offset bytes.

          If user Option 82 information contains no blank space, information carried by the client is filled with user Option 82 information with two offset bytes. For example, if user Option 82 information is abc, the format of NAS-Port-Id is eth 2/0/5:4096.4 c.

          If user Option 82 information contains a space and a slash (/) is in front of the space, information carried by the client is filled with user Option 82 information with two offset bytes. For example, if user Option 82 information is aaa/b cd, the format of NAS-Port-Id is eth 2/0/5:4096.4 a/b cd.

          If user Option 82 information contains two spaces with no slash (/) in front of the first space, information carried by the client is filled with user Option 82 information after the second space. For example, if user Option 82 information is aaab cd e, the format of NAS-Port-Id is eth 2/0/5:4096.4 e.

          If user Option 82 information contains two spaces with no slash (/) in front of the spaces, information carried by the client is filled with 0/0/0/0/0/0. For example, if user Option 82 information is aaab cde, the format of NAS-Port-Id is eth 2/0/5:4096.4 0/0/0/0/0/0.

        • User packets do not carry Option 82 information.

          Information carried by the client is filled with 0/0/0/0/0/0, for example, eth 2/0/5:4096.4 0/0/0/0/0/0.

  4. (Optional) Run radius-server nas-port-id lns include [ string string | ip delimiter ] { local-tunnel-ip [ delimiter ] | peer-tunnel-ip [ delimiter ] | local-tunnel-id [ delimiter ] | peer-tunnel-id [ delimiter ] | local-session-id [ delimiter ] peer-session-id [ delimiter ] | call-serial-number [ delimiter ] } *

    The format of the NAS-Port-Id attribute sent by the L2TP LNS to the RADIUS server is configured.

  5. (Optional) Run radius-server nas-port-id include [ delimiter delimiter-val ] { interface-description [ delimiter int-delimiter-val ] | pe-vlan [ delimiter pevlan-delimiter-val ] | ce-vlan [ delimiter cevlan-delimiter-val ] } *

    The format of the NAS-Port-Id attribute sent by a non-LNS device to the RADIUS server is configured.

  6. Run commit

    The configuration is committed.

Parent Topic: Configuring RADIUS
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >