(Optional) Configuring Negotiation Parameters for RADIUS Attributes

For a RADIUS server and the NetEngine 8000 F to communicate, the RADIUS attributes configured on both must be consistent.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run radius-server group group-name

    The RADIUS server group view is displayed.

  3. Run radius-attribute enable framed-ip-netmask netmask-length account-request

    The NetEngine 8000 F is configured to carry the 32-bit Framed-IP-Netmask attribute in an Accounting-Request packet.

  4. Run radius-attribute vendor vendor-id enable

    The ID of a vendor whose proprietary RADIUS attributes can be parsed by the NetEngine 8000 F is configured.

  5. Run radius-attribute vendor { { huawei | microsoft | 3gpp2 | redback | dslforum | other }* | all } continuous

    The function to encapsulate multiple vendor-proprietary attributes into the No. 26 RADIUS attribute (Vendor-Specific) is enabled.

  6. Run radius-attribute include radius-attribute-name

    The device is allowed to carry a new attribute in RADIUS packets.

    To prevent unnecessary or unrecognized attributes from being sent to a RADIUS server, many attributes are designed not to be sent by default. If one of these attributes needs to be sent in real-world scenarios, run this command.

  7. Run radius-attribute include hw-dhcp-option option-num & <1-16>

    The NetEngine 8000 F is configured to carry the corresponding option information in the HW-DHCP-Option attribute of an Access-Request packet.

  8. Run radius-attribute include hw-dhcpv6-option v6-option-num & <1-16>

    The NetEngine 8000 F is configured to carry the corresponding option information in the HW-DHCPv6-Option attribute of an Access-Request packet.

  9. Run radius-attribute include reply-message coa-nak

    The NetEngine 8000 F is configured to carry the Reply-Message attribute in a CoA-NAK packet.

  10. Run radius-attribute include nas-ip-address { accounting-on | accounting-off } *

    The NetEngine 8000 F is configured to carry the NAS-IP-Address attribute in an Accounting-On or Accounting-Off packet.

  11. Run radius-attribute usermac-as-option61

    The NetEngine 8000 F is configured to encapsulate Option 61 into the HW-User-MAC attribute.

    If the client-option82 version1 command is configured on a BAS interface, the NetEngine 8000 F can encapsulate the client ID (DHCPv4 Option61/DHCPv6 Option1/PPPoE PADR Tag 0x0103 Host-unique) in the Class attribute of an Accounting-Request packet.

  12. Run radius-attribute include event-timestamp { accounting-on | accounting-off }

    The NetEngine 8000 F is configured to carry the Event-Timestamp attribute in an Accounting-On or Accounting-Off packet.

  13. Run radius-attribute include class edsg

    The NetEngine 8000 F is configured to carry the Class attribute in Accounting-Request packets of EDSG services.

  14. Run radius-attribute include hw-dhcpv6-option37 accounting-request

    The NetEngine 8000 F is configured to carry the HW-DHCPv6-Option37 attribute in an Accounting-Request packet.

  15. Run radius-attribute include hw-vpn-instance accounting-request

    The NetEngine 8000 F is configured to carry the HW-VPN-Instance attribute in an Accounting-Request packet.

  16. Run radius-attribute include framed-route accounting-request

    The NetEngine 8000 F is configured to carry the Framed-Route attribute in an Accounting-Request packet.

  17. Run radius-attribute include hw-web-url accounting-request

    The NetEngine 8000 F is configured to carry the HW-Web-URL attribute in an Accounting-Request packet.

  18. Run radius-attribute include hw-acct-terminate-subcause [ edsg ]

    The NetEngine 8000 F is configured to carry the HW-Acct-Terminate-Subcause attribute in an Accounting-Stop packet.

  19. Run radius-attribute hw-acct-terminate-subcause encapsulation-type { string | integer }

    The NetEngine 8000 F is configured to encapsulate the HW-Acct-Terminate-Subcause attribute based on a specified encapsulation type.

  20. Run radius-attribute include hw-user-mac edsg accounting-request

    The NetEngine 8000 F is configured to carry the HW-User-MAC attribute in Accounting-Request packets of EDSG services.

  21. Run radius-attribute include hw-avpair hw-avpair-value packet-type

    The NetEngine 8000 F is configured to carry the HW-Avpair attribute in an Access-Request or Accounting-Request packet.

    Table 1 lists the mapping between the hw-avpair-name and packet-type values.

    Table 1 Mapping between the attribute values and packet types

    | Value of hw-avpair-name | Value of packet-type | Description |
    |---|---|---|
    | nat:vpn | Accounting-Request | The Accounting-Request packet carries a VPN instance bound to the CGN address pool. |
    | nat:extport | Accounting-Request | The Accounting-Request packet carries a port range used for incremental allocation. |
    | subscriber:fq | Accounting-Request | The Accounting-Request packet carries the Flow-queue parameter that will take effect. |
    | subscriber:vpnid | Accounting-Request | The Accounting-Request packet carries a user VPN ID. |
    | subscriber:link-address | Access-Request | The Access-Request packet carries a DHCPv6 address. |

  22. Run radius-attribute include hw-avpair hw-avpair-name-without-packet-type

    The NetEngine 8000 F is configured to carry the HW-Avpair attribute in Access-Request and Accounting-Request packets.

    The value of hw-avpair-name-without-packet-type can be subscriber:nas-type only, which indicates a device type and is used to distinguish non-CU separation devices from CU separation devices.

  23. Run radius-attribute include reply-message logon-ack

    The NetEngine 8000 F is configured to carry the Reply-Message attribute in the ACK packets for switching from a pre-authentication domain to an authentication domain.

  24. Run radius-attribute include reply-message query-ack

    The NetEngine 8000 F is configured to carry the Reply-Message attribute in a CoA Query ACK packet.

  25. Run radius-attribute include { session-timeout | online-time | user-group } coa-query-ack

    The NetEngine 8000 F is configured to carry the remaining time for CoA re-authentication, online duration, and user group name in a CoA Query ACK packet.

  26. Run radius-attribute include hw-gateway-address access-request

    The NetEngine 8000 F is configured to carry the gateway address in an Access-Request packet.

  27. Run radius-attribute include cmcc-nas-type

    The NetEngine 8000 F is configured to carry the CMCC-NAS-Type attribute in an Access-Request or Accounting-Request packet.

  28. Run radius-attribute include { hw-tunnel-group-name | hw-client-primary-dns | hw-client-secondary-dns } accounting-request

    The NetEngine 8000 F is configured to carry the HW-Tunnel-Group-Name, HW-Client-Primary-DNS, or HW-Client-Secondary-DNS attribute in an Accounting-Request packet.

  29. Run quit

    Return to the system view.

  30. Run radius-attribute nas-identifier max-length unlimited

    The configured length limit of the RADIUS attribute NAS-Identifier is canceled.

  31. Run commit

    The configuration is committed.
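
A server-side view of step 5, as an added example that is not Huawei's code: a Python parser for the Vendor-Specific attribute (type 26, RFC 2865) that yields the same result whether each sub-attribute arrives in its own attribute 26 or several are packed into one. The sub-attribute numbers 201 and 202 and the sample bytes are constructed placeholders; 2011 is Huawei's IANA enterprise number.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type (RFC 2865, section 5.26)
HUAWEI = 2011          # Huawei's IANA enterprise number

def parse_tlvs(buf, what="attribute"):
    """Walk 1-byte type / 1-byte length TLVs; the length counts the 2-byte header."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated %s header" % what)
        typ, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad %s length at offset %d" % (what, i))
        out.append((typ, buf[i + 2:i + length]))
        i += length
    return out

def parse_vsa(value):
    """Decode one Vendor-Specific value into (vendor_id, [(subtype, data), ...])."""
    if len(value) < 4:
        raise ValueError("Vendor-Specific value shorter than Vendor-Id")
    (vendor,) = struct.unpack("!I", value[:4])
    return vendor, parse_tlvs(value[4:], "sub-attribute")

def vendor_attrs(attr_region):
    """Return (vendor, subtype, data) for every sub-attribute, whatever the packing."""
    found = []
    for typ, value in parse_tlvs(attr_region):
        if typ == VENDOR_SPECIFIC:
            vendor, subs = parse_vsa(value)
            found.extend((vendor, st, data) for st, data in subs)
    return found

def tlv(typ, data):
    """Encode one TLV (used here only to build the constructed samples)."""
    return bytes([typ, len(data) + 2]) + data

def vsa(vendor, body):
    return tlv(VENDOR_SPECIFIC, struct.pack("!I", vendor) + body)

# Constructed sample data: sub-attribute numbers 201 and 202 are placeholders.
A, B = tlv(201, b"aa-bb"), tlv(202, b"\x00\x00\x00\x01")
SEPARATE = vsa(HUAWEI, A) + vsa(HUAWEI, B)    # one sub-attribute per attribute 26
CONTINUOUS = vsa(HUAWEI, A + B)               # both packed into one attribute 26

if __name__ == "__main__":
    for name, pkt in (("separate", SEPARATE), ("continuous", CONTINUOUS)):
        print(name, len(parse_tlvs(pkt)), "VSA(s) ->", vendor_attrs(pkt))
```

A server that reads only the first sub-attribute of each attribute 26 would silently drop the second value in the packed form, which is why the packing mode has to match what the RADIUS server's dictionary and parser expect.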

Copyright © Huawei Technologies Co., Ltd.