R0106-HP MSR Router Series Security Configuration Guide(V7)
50
Enabling the session-control feature
A RADIUS server running on IMC can use session-control packets to inform disconnect or dynamic
authorization change requests. This task enables the device to receive RADIUS session-control packets on
UDP port 1812.
To enable the session-control feature:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the session-control
feature.
radius session-control enable
By default, the session-control
feature is disabled.
Configuring the RADIUS DAE server function
Dynamic Authorization Extensions (DAE) to RADIUS, defined in RFC 5176, can log off online users or
change their authorization information. DAE uses the client/server model.
In a RADIUS network, the RADIUS server typically serves as the DAE client and the NAS serves as the
DAE server.
When the RADIUS DAE server function is enabled, the NAS performs the following operations:
1. Listens to the default or specified UDP port to receive DAE requests.
2. Logs off online users who match the criteria in the requests, or changes their authorization
information.
3. Sends DAE responses to the DAE client.
DAE defines the following types of packets:
• Disconnect Messages (DMs)—The DAE client sends DM requests to the DAE server to log off specific
online users.
• Change of Authorization Messages (CoA Messages)—The DAE client sends CoA requests to the
DAE server to change the authorization information of specific online users.
To configure the RADIUS DAE server function:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable the RADIUS DAE
server function and enter
RADIUS DAE server view.
radius dynamic-author server
By default, the RADIUS DAE server
function is disabled.
3. Specify a RADIUS DAE
client.
client { ip ipv4-address | ipv6
ipv6-address } [ key { cipher |
simple } string | vpn-instance
vpn-instance-name ] *
By default, no RADIUS DAE client is
specified.
4. Specify the RADIUS DAE
server port.
port port-number
By default, the RADIUS DAE server
port is 3799.