3com S7906E Instruccion De Instalación
1-30
Configuring Attributes Related to Data to Be Sent to the RADIUS Server
Follow these steps to configure the attributes related to data to be sent to the RADIUS server:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter RADIUS scheme view
radius scheme
radius-scheme-name
radius-scheme-name
—
Specify the format of the
username to be sent to a
RADIUS server
username to be sent to a
RADIUS server
user-name-format
{ keep-original
{ keep-original
|
with-domain |
without-domain }
Optional
By default, the ISP domain
name is included in the
username.
name is included in the
username.
Specify the unit for data flows or
packets to be sent to a RADIUS
server
packets to be sent to a RADIUS
server
data-flow-format { data { byte
| giga-byte | kilo-byte |
mega-byte } | packet
{ giga-packet | kilo-packet |
mega-packet | one-packet } }*
| giga-byte | kilo-byte |
mega-byte } | packet
{ giga-packet | kilo-packet |
mega-packet | one-packet } }*
Optional
The defaults are as follows:
byte for data flows, and
one-packet for data packets.
one-packet for data packets.
z
Some earlier RADIUS servers cannot recognize usernames that contain an ISP domain name. In
this case, the device must remove the domain name before sending a username including a
domain name. You can configure the user-name-format without-domain command on the
device for this purpose.
z
If a RADIUS scheme defines that the username is sent without the ISP domain name, do not apply
the RADIUS scheme to more than one ISP domain. Otherwise, users using the same username
but in different ISP domains will be considered the same user.
z
For level switching authentication, the user-name-format keep-original and user-name-format
without-domain commands produce the same results, that is, usernames sent to the RADIUS
server carry no ISP domain name.
z
The unit of data flows sent to the RADIUS server must be consistent with the traffic statistics unit of
the RADIUS server. Otherwise, accounting cannot be performed correctly.
Enabling the RADIUS Trap Function
If a NAS sends an accounting or authentication request to the RADIUS server but gets no response, the
NAS retransmits the request. With the RADIUS trap function enabled, when the NAS transmits the
request for half of the specified maximum number of transmission attempts, it sends a trap message;
when the NAS transmits the request for the specified maximum number of transmission attempts, it
sends another trap message.
Follow these steps to enable the RADIUS trap function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable the RADIUS trap
function
function
radius trap
{ accounting-server-down |
authentication-server-down }
{ accounting-server-down |
authentication-server-down }
Required
Disabled by default