More Information About NAS-Port-Id (87)

If the following command is run on a Huawei device, the NAS-Port-Id attribute is encapsulated in the format defined by a specific vendor. If the following command is not run or format encapsulation fails, the NAS-Port-Id attribute is encapsulated according to the specific device configuration.

radius-server format-attribute nas-port-id vendor { vendor-id | redback-simple | redback-addition }

The following format examples assume that a user is logged in from GE 2/0/5.4, with the single VLAN ID being 4 in the user packet. For Eth-Trunk interfaces, the value of sub-slot-id is always 2 unless otherwise specified as 0.

  1. vendor-id set to 2636
    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      {fastEthernet|gigabitEthernet} slot-id/port-id.sub-interface-number [:vpi-vci|:ivlan]

      Format example: gigabitEthernet 2/5.4:4

    If the logical interface configured on a user access interface is not a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If the logical interface is a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. If the user access interface is the Trunk interface itself, the NAS-Port-Id attribute is encapsulated in the format of the first member interface of the Trunk interface.

    The logical interface is specified using the nas logic-port command.

    If the VLAN ID is double-tagged, the sub-interface ID is combined with the VLAN ID and the VLAN ID is separated by a hyphen (-). In the preceding example, if the outer VLAN ID is 3 and the inner VLAN ID is 4, the format is gigabitEthernet 2/5.30004:3-4.

    If the radius-server format-attribute nas-port-id vendor 2636 version1 command is run:

    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      {FastEthernet|GigabitEthernet} slot-id/sub-slot-id/port-id.sub-interface-number[:vpi-vci|:ivlan]

      Format example: GigabitEthernet 2/0/5.4:4

    If the logical interface configured on a user access interface is not a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If the logical interface is a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. If the user access interface is the Trunk interface itself, the NAS-Port-Id attribute is encapsulated in the format of the first member interface of the Trunk interface. The sub-slot number of the Trunk interface is always 2.

    If the VLAN ID is double-tagged, the sub-interface ID is combined with the VLAN ID and the VLAN ID is separated by a hyphen (-). In the preceding example, if the outer VLAN ID is 3 and the inner VLAN ID is 4, the format is gigabitEthernet 2/0/5.30004:3-4.

  2. vendor-id set to 9
    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      {ethernet|trunk|PW} slot-id/sub-slot-id/port-id

      Format example: ethernet 2/0/5

      If a logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If no logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. The sub-slot number is always 0 for Trunk and PW interfaces.

  3. vendor-id set to 2352
    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      [vpi-vci vpi vci | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id]

      Format example: 2/5 vlan-id 4 pppoe 8

    If a logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If no logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. For a PPP user, sess-id specifies the ID of the user's PPPoE session. For a DHCP user, sess-id specifies the CID of the user on the device. Untagged packets of Ethernet access users do not carry VLAN information. For a QinQ interface, evlan and ivlan specify the outer and inner VLAN IDs, respectively.

  4. redback-simple Format
    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      slot-id/port-id[vpivci vpi vci | vlanid [ivlan:]evlan] [pppoe sess-id | clips sess-id]

      Format example: 2/5 vlanid 4 pppoe 8

    This format differs from that defined when vendor-id is set to 2352 in that both vpivci and vlanid have a hyphen (-) deleted.

  5. Default Formats

    The default format is controlled by the vlanpvc-to-username { standard | turkey | version10 | version20 } command in the AAA view, and by the vbas command and the client-option82 command in the BAS interface view.

    • Client option information is untrusted (default status).

      If the following conditions are true, client option information is not trusted:
      1. The vbas command is not run in the BAS interface view.
      2. For DHCPv4 users, the vlanpvc-to-username standard trust { pevlan | cevlan } [ ignore-rid ] command is not run, so the device does not trust Option82 information. For PPPoE users, DHCPv6 users, ND users, dual-stack users, leased line users, and static users, the client-option18 command or either of the client-option82 and client-access-line-id commands is not run, so the device does not trust Option18 or Option82 information.
      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version20 (default type) format.

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-id;|vlanid=inner-VLAN-id;vlanid2=outer-VLAN-id;}

        Example: slot=2;subslot=0;port=5;vlanid=4;

        Note that the slot-id, sub-slot-id, port-id, vpi, vci, VLAN-ID, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version10 format.

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-ID;}

        Example: slot=2;subslot=0;port=5;vlanid=4;

        Note that the slot-id, sub-slot-id, port-id, vpi, vci, and VLAN-ID vary according to the actual situations. For users logging in from a QinQ interface, the VLAN-ID is the inner VLAN ID.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the Turkey format (newly added for Turkey Telecom).

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

        Example: 2/5 vlan-id 4096:4

        If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the outer VLAN ID is 4096.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the standard format.

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        {eth|trunk|PW} slot-id/sub-slot-id/port-id:{vpi.vci|inner-VLAN-ID.outer-VLAN-ID} 0/0/0/0/0/0

        Example: eth 2/0/5:4096.4 0/0/0/0/0/0

        Note that the slot-id, sub-slot-id, port-id, vpi, vci, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations. For Trunk interfaces, the sub-slot-id is always 0. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the outer-VLAN-ID is 4096. For PW interfaces, the sub-slot-id is always 0. In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If only pevlan is specified, set the inner-VLAN-ID to 4096. If only cevlan is specified, set the outer-VLAN-ID to 4096.

    • Client Option information is trusted.

      If any of the following conditions is true, client option information is trusted:

      1. The vbas command is run in the BAS interface view.

      2. For DHCPv4 users, the option82 command is run to allow the device to trust Option82 information.

        For PPPoE users, DHCPv6 users, ND users, dual-stack users, leased line users, and static users, the client-option18 command or either of the client-option82 and client-access-line-id commands is run to allow the device to trust Option18 or Option82 information.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version20 (default type) or version10 format, and the client-option82 basinfo-insert cn-telecom command is not run.

        • User packets carry Option82.

          If the vbas command is run, content carried in user packets is directly returned.

          Format example: mse-108 eth 0/2/0/5:4

          If the option82-relay-mode command is not run in the BAS interface view, the value of the first TLV carried in user packets is returned.

          Format example: If abc is carried in user packets, c is returned.

          If the option82-relay-mode command is run in the BAS interface view, content is returned in the configured format:

          1. If include allvalue is specified, all content carried in user packets is returned.

          Format example: If abc is carried in user packets, abc is returned.

          2. If include agent-circuit-id is specified, the circuit ID carried in user packets is returned.

          Format example: If abc de is carried in user packets, abc is returned.

          3. If include agent-remote-id is specified, the remote ID carried in user packets is returned.

          Format example: If abc de is carried in user packets, de is returned.

          4. If include agent-circuit-id agent-remote-id is specified, both the circuit ID and remote agent ID carried in user packets are returned.

          Format example: If abc de is carried in user packets, abcde is returned.

          After any of the preceding parameters is specified in the option82-relay-mode include command, you can run the option82-relay-mode subopt command to configure a format (either in hexadecimal notation or a string) for the circuit ID or remote agent ID to be transmitted. If the second, third, or fourth parameter stated above is specified in the option82-relay-mode command but sub-attribute parsing fails, information is returned in the format specified for the situation where user packets do not carry Option82 information.

          Format example: When the option82-relay-mode include agent-circuit-id and option82-relay-mode subopt agent-circuit-id hex commands are run, if user packets carry abc de, 616263 is returned; if user packets carry abc, MSE-108 eth 0/2/0/5:4 is returned.

        • User packets do not carry Option82.

          When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

          host-name {eth} 0/slot-id/sub-slot-id/port-id:{vpi.vci|vlan|outer-VLAN-ID.inner-VLAN-ID}

          Format example: MSE-108 eth 0/2/0/5:4

          The host name configured in the BAS interface view using the nas logic-sysname host-name command is preferentially used. If no host name is configured in the BAS interface view, the default host name configured by the system is used. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 0. If the packets carry only one VLAN tag, the inner VLAN ID is 0, which is not displayed.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the turkey format, and the client-option82 basinfo-insert cn-telecom command is not run.

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

        Example: 2/5 vlan-id 4096:4

        If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner VLAN ID is 4096.

      • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the standard format, and the client-option82 basinfo-insert cn-telecom command is run.

        When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

        {eth|trunk|PW} slot-id/sub-slot-id/port-id:{vpi.vci|outer-VLAN-ID.inner-VLAN-ID} client carried information

        The slot-id, sub-slot-id, port-id, vpi, vci, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations.

        For Trunk interfaces, the sub-slot number is always 0. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner VLAN ID is 4096.

        For PW interfaces, the sub-slot number is always 0.

        In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If only pevlan is specified, set the inner VLAN ID to 4096. If only cevlan is specified, set the outer VLAN ID to 4096.

        • User packets carry Option82.

          If the vbas command is run, the entire Option82 content carried in user packets is parsed. If the vbas command is not run, the Option 82 information with two offset bytes is parsed.

          Parsing procedure:

          The NetEngine 8000 F checks whether the content in a user packet contains a space.

          If yes, the content carried in the user packet is returned. For example, if the user packet carries abc, eth 2/0/5:4096.4 c is returned.

          If no, the NetEngine 8000 F checks whether a slash (/) precedes the space.

          If yes, the content carried in the user packet is returned. For example, if the user packet carries aaa/b cd, eth 2/0/5:4096.4 a/b cd is returned.

          If no, the NetEngine 8000 F checks whether the content in the user packet contains another space.

          If yes, the content following the second space is returned. For example, if the user packet carries aaab cd e, eth 2/0/5:4096.4 e is returned.

          If no, 0/0/0/0/0/0 is returned. For example, if the user packet carries aaab cde, eth 2/0/5:4096.4 0/0/0/0/0/0 is returned.

        • User packets do not carry Option82.

          Information carried by the client is filled with 0/0/0/0/0/0.

          Format example: eth 2/0/5:4096.4 0/0/0/0/0/0

  6. Formats of the HW-Own-NAS-Port-Identify-Old Attribute Converted from the NAS-Port-Id Attribute (0s Are Used for Padding, and Excess Bits Are Discarded)
    • Ethernet interface:

      When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      slot-id (2 bytes)+sub-slot-id (2 bytes)+ port-id (3 bytes)+ VLAN (4 bytes outer-VLAN-ID+0+4 bytes inner-VLAN-ID)

  7. Formats of the HW-Own-Nas-Port-Id-Uppercase Attribute Converted from the NAS-Port-Id Attribute (0s Are Used for Padding, and Excess Bits Are Discarded)

    If "vlanidxxxx" is included, "vlanid" is converted to "VLANID". Other situations are the same as those in Default Formats.

  8. A Logical Interface Is Configured in the BAS Mode

    Command:

    (Interface of BAS mode) nas logic-port

    After a logic interface is configured, it generates the following information:
    • User name of DHCP users or binding authentication users
    • User Option 82 information to be generated or replaced
    • NAS-port and NAS-port-ID in RADIUS authentication packets
  9. Impact of the radius-attribute-format nas-port-id unitary-subslot Command on the NAS-Port-Id Attribute Format

    The radius-attribute-format nas-port-id unitary-subslot slot slot-id base-number number command configures a type for the subslot field in the NAS-Port-Id attribute. The keyword unitary-subslot sets the subcard type to unitary.

    This command is used in the following situation:

    When a board on the device contains no subcard, the port numbers are FE1/0/0–FE1/0/15 (FE1/0/0, FE1/0/1, FE1/0/2, ..., FE1/0/15). If the board is replaced with a board containing subcards, the port numbers on the new board are FE1/0/0–FE1/0/7 and FE1/1/0–FE1/1/7. As a result, the RADIUS server fails to perform binding authentication. To resolve this issue, the radius-attribute-format nas-port-id unitary-subslot command can be run to convert port interfaces FE1/0/0–FE1/0/7 and FE1/1/0–FE1/1/7 to FE1/0/0–FE1/0/15.

  10. Impact of the option82-relay-mode include Command on the NAS-Port-Id Attribute Format
    • If the option82-relay-mode include allvalue command is run in the BAS interface view, all Option82 information is carried.

    • If the option82-relay-mode include agent-circuit-id command is run in the BAS interface view, only circuit ID information is carried.

    • If the option82-relay-mode include agent-remote-id command is run in the BAS interface view, only remote agent ID information is carried.

    • If the option82-relay-mode include agent-circuit-id agent-remote-id command is run in the BAS interface view, both circuit ID information and remote agent ID information are carried.

    After any of the preceding commands is configured, you can run the option82-relay-mode subopt command to configure a format (either in hexadecimal notation or a string) for the circuit ID or remote agent ID to be transmitted.

  11. Formats of the Nas-Port-Id-QINQ-Reverse Attribute Converted from the NAS-Port-Id Attribute

    ETH interface:

    • When the user access interface is in the three dimensional format, the format of the NAS-Port-Id attribute is as follows:

      slot=slot-id; subslot=sub-slot-id; port=port-id; vlanid=outer-VLAN-ID;vlanid2=inner-VLAN-ID;
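
Added example (not Huawei code): a strict Python parser for the key=value layout shown for the version20/version10 default format in item 5 and for the Nas-Port-Id-QINQ-Reverse attribute in item 11, of the kind a RADIUS server could run before comparing the value against a stored port binding. The names PortBinding and parse_nas_port_id, the qinq_reverse flag, and the choice to store a single tag as the outer VLAN are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Keys the page lists for this layout. Matching is case-insensitive because
# the page shows "VPI"/"VCI" and the uppercase variant emits "VLANID".
ALLOWED_KEYS = {"slot", "subslot", "port", "vpi", "vci", "vlanid", "vlanid2"}
PAIR = re.compile(r"\s*([A-Za-z0-9]+)=(\d{1,5});")


@dataclass(frozen=True)
class PortBinding:
    slot: int
    subslot: int
    port: int
    outer_vlan: Optional[int] = None  # a single tag is stored here (example's choice)
    inner_vlan: Optional[int] = None
    vpi: Optional[int] = None
    vci: Optional[int] = None


def parse_nas_port_id(value: str, qinq_reverse: bool = False) -> PortBinding:
    """Strictly parse 'slot=..;subslot=..;port=..;...' into a PortBinding.

    qinq_reverse=False: vlanid is the inner tag, vlanid2 the outer tag.
    qinq_reverse=True:  vlanid is the outer tag, vlanid2 the inner tag.
    """
    value = value.strip()
    fields, pos = {}, 0
    while pos < len(value):
        m = PAIR.match(value, pos)
        if m is None:
            raise ValueError(f"malformed NAS-Port-Id at offset {pos}")
        key = m.group(1).lower()
        # Reject unknown or repeated keys so a second "slot=" cannot override the first.
        if key not in ALLOWED_KEYS or key in fields:
            raise ValueError(f"unexpected or duplicate key {key!r}")
        fields[key] = int(m.group(2))
        pos = m.end()
    if not {"slot", "subslot", "port"} <= fields.keys():
        raise ValueError("slot, subslot and port are all required")
    first, second = fields.get("vlanid"), fields.get("vlanid2")
    if second is not None and first is None:
        raise ValueError("vlanid2 present without vlanid")
    if any(v is not None and v > 4095 for v in (first, second)):
        raise ValueError("VLAN ID does not fit the 12-bit 802.1Q field")
    if second is None:
        outer, inner = first, None
    elif qinq_reverse:
        outer, inner = first, second
    else:
        outer, inner = second, first
    return PortBinding(fields["slot"], fields["subslot"], fields["port"],
                       outer, inner, fields.get("vpi"), fields.get("vci"))
```

With outer VLAN 3 and inner VLAN 4 on GE 2/0/5, the version20 string and the QinQ-reverse string normalize to the same binding, so the stored record does not depend on which attribute the device sends.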

Copyright © Huawei Technologies Co., Ltd.