(Optional) Configuring Formats for the Calling-Station-Id Attribute

Procedure

1. Run system-view

   The system view is displayed.

2. Run radius-server group group-name

   The RADIUS server group view is displayed.

3. Run radius-server calling-station-id include [ delimiter delimiter ] { { option82 | access-line-id } [ delimiter delimiter ] | mac [ mac-format type1 ] [ delimiter delimiter ] | interface [ delimiter delimiter ] | domain [ delimiter delimiter ] | sysname [ delimiter delimiter ] } ^*

   A method of constructing the Calling-Station-Id attribute is configured.

4. Run radius-server calling-station-id include { refer-option61 | vlan-binding | vlan-description | line-id | llid user-type { ppp | lns }^*}

   A method of constructing the Calling-Station-Id attribute is configured.

   Table1 Method of constructing the Calling-Station-Id attribute describes this method in detail.

   Table 1 Method of constructing the Calling-Station-Id attribute

   Keyword	Description
   refer-option61	The Calling-Station-Id attribute is constructed based on Option 61. After the radius-server calling-station-id include refer-option61 command is run: If the Access-Request packet sent by a user carries Option 61, the user's MAC address is encapsulated into the Calling-Station-Id attribute. If the Access-Request packet sent by a user does not carry Option 61, the username encapsulated into the Calling-Station-Id attribute does not contain a domain name.
   vlan-binding	The Calling-Station-Id attribute is constructed in the format of slot(2)port(2)vpi(2)vci(4)vlan(4)mac(12).
   vlan-description	The RADIUS attribute Calling-Station-Id (31) is constructed in the vlan-description format. Specifically, the encapsulation format is sysname#slot/subslot/port#Pevlan.CeVlan#vlan-description, where the maximum lengths of sysname and vlan-description are 30 bits and 128 bits, respectively. If the length of sysname exceeds the upper limit, the excess part will be truncated. With the vlan-description parameter specified, the Calling-Station-Id attributes in both the Access-Request and Accounting-Request packets comply with the vlan-description format.
   line-id	The Calling-Station-Id attribute is constructed in the prefix+remote-id+suffix format. Specifically, the encapsulation format is ######+remote-id+#, where the maximum length of remote-id is 63 bytes. After the radius-server access-line-id length extend command is run, the maximum length of remote-id is 198 bytes. If the length of remote-id exceeds the upper limit, the Calling-Station-Id attribute is encapsulated in the MAC address format.
   llid user-type { ppp | lns }*	The Calling-Station-Id attribute is constructed based on the LLID in the authentication response packet sent by a RADIUS server. After the radius-server calling-station-id include llid user-type { ppp | lns }* command is run, the authentication process for PPP or LNS users is changed. Users need to be authenticated twice, thereby affecting the user access performance. In the first round of authentication, the username in the Access-Request packet is in the format of NAS-IP-Address NAS-Port-Id and the password in the Access-Request packet is the one configured using the default-password command. If no password is configured, the actual user password is used. In the second round of authentication, the username and password in the Access-Request and Accounting-Request packets are the actual username and password. If the Access-Accept packet in the first round of authentication contains the LLID carried in the Calling-Station-Id attribute, this attribute is encapsulated into the Access-Request and Accounting-Request packets in the second round of authentication according to the LLID format. If the LLID fails to be obtained (for example, the RADIUS server has not delivered the Calling-Station-Id attribute, or authentication is denied or times out), the Calling-Station-Id attributes in the Access-Request and Accounting-Request packets in the second round of authentication are the same as that in the Access-Request packet in the first round of authentication. When the NetEngine 8000 F fails to obtain the LLID from the RADIUS server, by default, the Access-Request and Accounting-Request packets in the second round of authentication carry the Calling-Station-Id attribute. You can run the radius-server calling-station-id disable with-llid-fail command to configure the NetEngine 8000 F not to carry the Calling-Station-Id attribute in the Access-Request packet in the second round of authentication when the NetEngine 8000 F fails to obtain the LLID. This helps identify the clients that fail to obtain the LLID.

5. Run radius-server calling-station-id lns-default version1

   The default format of the Calling-Station-Id attribute in the packets sent by the LNS is configured.

   After the radius-server calling-station-id lns-default version1 command is run, the Access-Request and Accounting-Request packets sent by the LNS carry the default Calling-Station-Id attribute even if the packets sent by the LAC to the LNS do not carry the calling-number. By default, if the packets sent by the LAC to the LNS do not carry the calling-number, the Access-Request and Accounting-Request packets sent by the LNS do not carry the Calling-Station-Id attribute.

6. Run radius-server calling-station-id lns-default version1 force

   The NetEngine 8000 F is configured to construct the Calling-Station-Id attribute of the packets sent by the LNS in the version1 format.

   In some special scenarios, the Calling-Station-Id attribute of the packets sent by the LNS must be constructed in the version1 format, regardless of whether the packets sent by the LAC to the LNS carry the calling-number.

7. Run radius-server calling-station-id include pevlan [ { delimiter delimiter-vlan } [ cevlan ] ] or radius-server calling-station-id include cevlan [ { delimiter delimiter-vlan } [ pevlan ] ]

   The NetEngine 8000 F is configured to construct the Calling-Station-Id attribute based on the inner and outer VLAN IDs.

   The Calling-Station-Id attribute contains user VLAN information. You can specify either or both of pevlan and cevlan. If you specify both pevlan and cevlan and specify pevlan before specifying cevlan, the RADIUS server parses pevlan before parsing cevlan. If you specify cevlan before specifying pevlan, the RADIUS server parses cevlan before parsing pevlan.

   If access users send packets that carry single VLAN tags, the single VLAN tags can only be encapsulated into pevlan.

8. Run radius-server format-attribute calling-station-id vendor vendor-id [ include option82 ] [ version1 ]

   The NetEngine 8000 F is configured to encapsulate the Calling-Station-Id attribute in a vendor-specific format.

   The Calling-Station-Id attribute can be encapsulated in different formats specified by vendor IDs. Currently, this attribute can be encapsulated in the Redback-defined or Juniper-defined format only.

   • If the specified vendor ID is 2352, the NetEngine 8000 F encapsulates the Calling-Station-Id attribute in the default Redback-defined format.
   • If the specified vendor ID is 2636, the NetEngine 8000 F encapsulates the Calling-Station-Id attribute in the default Juniper-defined format.

   version1 takes effect only when vendor-id is set to 2352.

9. Run radius-server format-attribute include sub-slot

   The NetEngine 8000 F is configured to contain a sub-slot ID in the interface number encapsulated in the Calling-Station-Id or NAS-port-ID attribute.

   After this command is run, when the Calling-Station-Id and NAS-port-ID attributes are encapsulated in the Redback-defined format, the interface number is in the Slot/Sub-Slot/Port format.

10. Run radius-server format-attribute calling-station-id user-defined version3

    The NetEngine 8000 F is configured to encapsulate the Calling-Station-Id attribute in the version3 format.

    After this command is run, the Calling-Station-Id attribute is encapsulated in the format of {lag-Trunkid|eth Slot/Subslot/Port}:Pvlan.Cvlan#SystemName###pppoe mac-address#.

11. Run commit

    The configuration is committed.