Description
|
Physical port for user access.
- Default formats are as follows: (0s are used for padding if the total length is less than 4 bytes)
Ethernet interface: slot number (8 bits)+sub-slot number (4 bits)+port number (8 bits)+VLAN ID (12 bits) (For QinQ VLAN tag termination, the inner VLAN ID is used)
The "radius-server format-attribute nas-port" command can be run to convert the NAS-Port attribute into one of the following attributes:
- HW-Own-NAS-Port-New, the formats are as follows: (0s are used for padding if the total length is less than 4 bytes.)
Ethernet interface: slot number (12 bits)+port number (8 bits)+VLAN ID (12 bits) (For QinQ VLAN tag termination, the inner VLAN ID is used.)
- HW-Own-NAS-Port-QinQ, the formats are as follows: (0s are used for padding if the total length is less than 4 bytes.)
Ethernet interface for X1/X2 models: sub-slot number (4 bits)+port number (4 bits)+QinQ VLAN ID (12 bits)+VLAN ID (12 bits)
Ethernet interface for other models: slot number (3 bits)+sub-slot number (1 bit)+port number (4 bits)+QinQ VLAN ID (12 bits)+VLAN ID (12 bits)
- HW-Own-NAS-Port-CID, for LNS users, user CIDs are encapsulated; for other users, the default encapsulation format is used.
- You can run the "radius-server format-attribute nas-port format-string" command in the RADIUS server group view to specify a format string for the NAS-Port attribute. The NAS-Port attribute will then be encapsulated according to the configured format string when users in the RADIUS server group are authenticated.
The format strings of format-string and their meanings are described as follows:
Format string 1: - The keywords s, t, p, o, and i stand for board ID, card ID, port number, outer VLAN ID (QinQ VLAN)/VPI, and inner VLAN ID (user VLAN)/VCI, respectively. The keywords n and z are used as the padding. The number (such as x) after the keyword n indicates that 1 is used to pad the next x bits, whereas the number after the keyword z indicates that the next x bits are padded with 0.
- The keywords s, t, p, o, and i must be followed by Arabic numerals ranging from 1 to 32. These keywords can be present in the format string only once.
- The keywords n and z can present multiple times. These keywords can be followed by numerals, o, or i. If n and z are followed by numerals, the numeral after the keyword n indicates that 1 is used to pad the next x bits, whereas the numeral after the keyword z indicates that the next x bits are padded with 0. If n and z are followed by o or i, it indicates that for the Ethernet interface, the corresponding bit is filled by 1 (n) or 0 (z) (if there is no outer VLAN or VLAN ID).
- The format string must contain 32 bits.
You can run the "undo radius-server format-attribute" command to disable the format string function for the NAS-Port attribute.
By default, the format-string parameter is not specified for the NAS-Port attribute in a RADIUS server group, so that the attribute is not encapsulated based on a format string.
An example is as follows:
[~HUAWEI-radius-rdgoup1] radius-server format-attribute nas-port s4t2p4no10i12
The preceding command indicates that the NAS-Port attribute is encapsulated from high order bits to low order bits in the following sequence: board ID (4 bits), card ID (2 bits), port number (4 bits), VPI/QinQ VLAN ID (10 bits: 1s are padded if there is no outer VLAN ID), and VCI/user VLAN ID (12 bits: 0s are padded if there is no VLAN ID).
Format string 2:
The keyword m32 indicates the 32 least significant bits of a user MAC address. If the m32 format string is configured, the least significant 32 bits of a user MAC address are used to encapsulate the NAS-Port attribute.
An example is as follows:
[~HUAWEI-radius-rdgoup1] radius-server format-attribute nas-port m32
|
|---|