R2511-HP MSR Router Series Security Configuration Guide(V5)
Step 3. Configure a password for the RADIUS user.
    Command: password [ cipher | simple ] password
    Remarks: Optional. By default, no password is specified.
Step 4. Configure the authorization attribute for the RADIUS user.
    Command: authorization-attribute { acl acl-number | vlan vlan-id } *
    Remarks: Optional. Not configured by default.
Step 5. Set the expiration time for the RADIUS user.
    Command: expiration-date time
    Remarks: Optional. By default, no expiration time is set, and the system does not check users' expiration time.
Step 6. Configure a description for the RADIUS user.
    Command: description text
    Remarks: Optional. Not configured by default.
You can use the authorization-attribute command to specify an authorization ACL and authorized VLAN,
which will be assigned by the RADIUS server to the RADIUS client (the NAS) after the RADIUS user
passes authentication. The NAS then uses the assigned ACL and VLAN to control user access. If the
assigned ACL does not exist on the NAS, ACL assignment will fail and the NAS will log the RADIUS user
out forcibly. If the assigned VLAN does not exist on the NAS, the NAS will create the VLAN and add the
RADIUS user or the access port to the VLAN.
Specifying a RADIUS client
This task is to specify the IP address of a client to be managed by the RADIUS server and configure the
shared key for secure RADIUS communication. The RADIUS server processes RADIUS packets only from
the specified clients.
To specify a RADIUS client:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Specify a RADIUS client.
    Command: radius-server client-ip ip-address [ key [ cipher | simple ] string ]
    Remarks: No RADIUS client is specified by default.
The IP address of a RADIUS client specified on the RADIUS server must be consistent with the source IP
address of outgoing RADIUS packets configured on the RADIUS client.
The shared key configured on the RADIUS server must be consistent with that configured on the RADIUS
client.
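The two consistency requirements above can be seen in a simplified model of the exchange. This is an added example, not code from the guide or from the router: it follows the Response Authenticator calculation in RFC 2865, and the addresses, key, and user name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample data: the server's client table, as it would look after
# "radius-server client-ip 192.0.2.10 key simple <key>" (values are made up).
SERVER_CLIENTS = {"192.0.2.10": b"example-shared-key"}
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_request(ident, user=b"alice"):
    """Access-Request with a random Request Authenticator and a User-Name attribute."""
    attrs = bytes([1, 2 + len(user)]) + user
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16) + attrs

def server_reply(src_ip, request):
    """Sign an Access-Accept with the key stored for src_ip; None if src_ip is not a client."""
    secret = SERVER_CLIENTS.get(src_ip)
    if secret is None:
        return None  # source address not configured as a client: packet ignored
    ident, request_auth = request[1], request[4:20]
    auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth, b"", secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20) + auth

def nas_accepts(reply, request, nas_secret):
    """NAS-side check: recompute the authenticator with the NAS's own key."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, ident, request[4:20], reply[20:length], nas_secret)
    return hmac.compare_digest(expected, reply[4:20])

def demo():
    request = build_request(7)
    reply = server_reply("192.0.2.10", request)
    return {
        "matching key": nas_accepts(reply, request, b"example-shared-key"),
        "mismatched key": nas_accepts(reply, request, b"some-other-key"),
        "unlisted source IP answered": server_reply("192.0.2.99", request) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

A reply signed with a key that differs from the NAS's key fails verification on the NAS, and a request whose source address is not in the client table gets no reply at all, so both faults look like a timeout from the NAS side.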
Displaying and maintaining AAA
Task: Display the configuration of ISP domains.
    Command: display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.










