Manualshelf

HP MSR2000/3000/4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
71727374757677787980
62
Examples
# Set the RADIUS server response timeout timer to 5 seconds for RADIUS scheme radius1.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] timer response-timeout 5
Related commands
display radius scheme
retry
user-name-format (RADIUS scheme view)
Use user-name-format to specify the format of the username to be sent to a RADIUS server.
Use undo user-name-format to restore the default.
Syntax
user-name-format { keep-original | with-domain | without-domain }
undo user-name-format
Default
The ISP domain name is included in the username.
Views
RADIUS scheme view
Predefined user roles
network-admin
Parameters
keep-original: Sends the username to the RADIUS server as it is entered.
with-domain: Includes the ISP domain name in the username sent to the RADIUS server.
without-domain: Excludes the ISP domain name from the username sent to the RADIUS server.
Usage guidelines
A username is generally in the format userid@isp-name, of which isp-name is used by the device to
determine the ISP domain to which a user belongs. Some earlier RADIUS servers, however, cannot
recognize a username containing an ISP domain name. Before sending a username including a domain
name to such a RADIUS server, the device must remove the domain name. This command allows you to
specify whether to include a domain name in a username sent to a RADIUS server.
If a RADIUS scheme defines that the username is sent without the ISP domain name, do not apply the
RADIUS scheme to more than one ISP domain. Otherwise, the RADIUS server will consider two users in
different ISP domains but with the same userid as one user.
For 802.1X users using EAP authentication, the user-name-format command configured for a RADIUS
scheme does not take effect and the device does not change the usernames from clients before
forwarding them to the RADIUS server.
If the RADIUS scheme is used for roaming wireless users, specify the keep-original keyword. Otherwise,
authentication of the wireless users might fail.