48
NOTE:
You can use the authorization-attribute command to specify an authorization ACL and authorized VLAN,
hich will be assigned by the RADIUS server to the RADIUS client (the NAS) after the RADIUS user passes
authentication. The NAS then uses the assigned ACL and VLAN to control user access. If the assigned ACL
does not exist on the NAS, ACL assignment will fail and the NAS will forcibly log the RADIUS user out. If
the assigned VLAN does not exist on the NAS, the NAS will create the VLAN and add the RADIUS user or
the access port to the VLAN.
Specifying a RADIUS client
This task is to specify the IP address of a client to be managed by the RADIUS server and configure the
shared key. The RADIUS server processes only the RADIUS packets sent from the specified clients.
Follow these steps to specify a RADIUS client
To do… Use the command… Remarks
Enter system view system-view —
Specify a RADIUS client
radius-server client-ip ip-address [ key
string ]
Required
No RADIUS client is
specified by default.
NOTE:
• The IP address of a RADIUS client specified on the RADIUS server must be consistent with the source IP
address of outgoing RADIUS packets configured on the RADIUS client.
• The shared key configured on the RADIUS server must be consistent with that confi
ured on the RADIUS
client.
Displaying and maintaining AAA
To do… Use the command… Remarks
Display the configuration
information of ISP domains
display domain [ isp-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display information about user
connections
display connection [ access-type { dot1x |
mac-authentication | portal } | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index |
user-name user-name | vlan vlan-id ] [ slot
slot-number ] [ | { begin | exclude | include }
regular-expression ]
Available in any view
To Next Page
Loading...
Need help?
General