24
Specifying the VPN to which the servers belong
After you specify a VPN for a RADIUS scheme, all the authentication/authorization/accounting servers
specified for the scheme belong to the VPN. However, if you also specify a VPN when specifying a server
for the scheme, the server belongs to the specific VPN.
Follow these steps to specify a VPN for a RADIUS scheme:
To do… Use the command… Remarks
Enter system view system-view —
Enter RADIUS scheme view radius scheme radius-scheme-name —
Specify a VPN for the RADIUS
scheme
vpn-instance vpn-instance-name Required
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the switch to determine which users belong to which ISP
domains. However, some earlier RADIUS servers cannot recognize usernames that contain an ISP
domain name. In this case, the switch must remove the domain name of each username before sending
the username. You can set the username format on the switch for this purpose.
The switch periodically sends accounting updates to RADIUS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the switch are consistent with those on the RADIUS server.
Follow these steps to set the username format and the traffic statistics units for a RADIUS scheme:
To do… Use the command… Remarks
Enter system view system-view —
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Set the format for usernames sent to
the RADIUS servers
user-name-format { keep-original
| with-domain | without-domain }
Optional
By default, the ISP domain name is
included in a username.
Specify the unit for data flows or
packets sent to the RADIUS servers
data-flow-format { data { byte |
giga-byte | kilo-byte |
mega-byte } | packet
{ giga-packet | kilo-packet |
mega-packet | one-packet } }*
Optional
byte for data flows and one-packet
for data packets by default.
NOTE:
• If a RADIUS scheme defines that the username is sent without the ISP domain name, do not apply the
RADIUS scheme to more than one ISP domain. Otherwise, users using the same username but in
different ISP domains will be considered the same user.
• For level switching authentication, the user-name-format keep-original and user-name-format
without-domain commands produce the same results: they make sure that usernames sent to the
RADIUS server carry no ISP domain name.
To Next Page
Loading...
Need help?
General