R2511-HP MSR Router Series Security Configuration Guide(V5)
56
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the device. Then,
when a user gets online, the device obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a NAS ID profile and
enter NAS ID profile view.
aaa nas-id profile profile-name
You can apply a NAS ID profile to
an interface enabled with portal.
See "Configuring portal."
3. Configure a NAS ID-VLAN
binding.
nas-id nas-identifier bind vlan
vlan-id
By default, no NAS ID-VLAN
binding exists.
Configuring the router as a RADIUS server
The following matrix shows the feature and router compatibility:
Feature MSR900 MSR93X MSR20-1X MSR20 MSR30 MSR50 MSR1000
RADIUS
server
No No Yes Yes Yes No Yes
RADIUS server functions configuration task list
Task Remarks
Configuring a RADIUS user Required.
Specifying a RADIUS client Required.
Configuring a RADIUS user
This task is to create a RADIUS user and configure a set of attributes for the user on a network device
serving as the RADIUS server. User attributes include the password, authorization attribute, expiration
time, and user description. After configuration, the specified RADIUS user can use the username and
password for RADIUS authentication on the device.
To configure a RADIUS user:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a RADIUS user and
enter RADIUS server user
view.
radius-server user user-name No RADIUS user exists by default.