RADIUS Configuration 185
When both the primary and secondary servers are in active or block state, the switch sends packets only to the primary server. Table 150 Set the status of RADIUS servers Operation
Command
Description
Enter system view
system-view
—
Create a RADIUS scheme and enter its view
radius scheme radius-scheme-name
Required By default, a RADIUS scheme named “system” has already been created in the system.
Set the status of the primary RADIUS authentication/authori zation server
state primary authentication { block | active }
Set the status of the primary RADIUS accounting server Set the status of the secondary RADIUS authentication/authori zation server Set the status of the secondary RADIUS accounting server
Configuring the Attributes for Data to be Sent to RADIUS Servers
Optional By default, all the RADIUS servers in a user-defined RADIUS scheme are in the active state; and the state primary accounting { block | RADIUS servers in the active } default RADIUS scheme “system” are in the block state secondary authentication { block | state. active }
state secondary accounting { block | active }
Table 151 Configure the attributes for data to be sent to the RADIUS servers Operation
Command
Description
Enter system view
system-view
—
Create a RADIUS scheme and enter its view
radius scheme radius-scheme-name Required By default, a RADIUS scheme named “system” has already been created in the system.
Set the format of user-name-format { with-domain | the user names to without-domain } be sent to RADIUS servers
Optional By default, the user names sent from the switch to RADIUS servers carry ISP domain names.
Set the units of measure for data flows sent to RADIUS servers
Optional By default, in a RADIIUS scheme, the unit of measure for data is byte and that for packets is one-packet.
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet { giga-packet | kilo-packet | mega- packet | one-packet }
Set the source IP RADIUS scheme view address used by nas-ip ip-address the switch to send RADIUS packets System view radius nas-ip ip-address
Optional By default, no source IP address is specified; and the IP address of the outbound interface is used as the source IP address.
CAUTION: ■
Generally, the access users are named in the userid@isp-name format. Where, isp-name behind the @ character represents the ISP domain name, by which the device determines which ISP domain it should ascribe the user to. However, some old RADIUS servers cannot accept the user names that carry ISP domain names. In this case, it is necessary to remove the domain names carried in the user names before sending the user names to the RADIUS server. For this reason, the user-name-format command is designed for you to specify whether or not ISP domain names are carried in the user names sent to the RADIUS server.