3Com WX3000 Configuring the Local RADIUS Authentication Server Function

2-16

z Generally, the access users are named in the userid@isp-name or userid.isp-name format. Here,

isp-name after the “@” or “.” character represents the ISP domain name, by which the device

determines which ISP domain a user belongs to. However, some old RADIUS servers cannot

accept the user names that carry ISP domain names. In this case, it is necessary to remove

domain names from user names before sending the user names to RADIUS server. For this reason,

the user-name-format command is designed for you to specify whether or not ISP domain names

are carried in the user names to be sent to RADIUS server.

z For a RADIUS scheme, if you have specified to remove ISP domain names from user names, you

should not use this RADIUS scheme in more than one ISP domain. Otherwise, such errors may

occur: the RADIUS server regards two different users having the same name but belonging to

different ISP domains as the same user (because the usernames sent to it are the same).

z In the default RADIUS scheme "system", ISP domain names are removed from user names by

default.

z The purpose of setting the MAC address format of the Calling-Station-Id (Type 31) field in RADIUS

packets is to improve the device’s compatibility with different RADIUS servers. This setting is

necessary when the format of Calling-Station-Id field recognizable to RADIUS servers is different

from the default MAC address format on the device. For details about field formats recognizable to

RADIUS servers, refer to the corresponding RADIUS server manual.

Configuring the Local RADIUS Authentication Server Function

The device provides the local RADIUS server function (including authentication and authorization), also

known as the local RADIUS authentication server function, in addition to RADIUS client service, where

separate authentication/authorization server and the accounting server are used for user

authentication.

Follow these steps to configure the local RADIUS authentication server function:

To do… Use the command… Remarks

Enter system view system-view —

Enable UDP port for local

RADIUS authentication server local-server enable

Optional

By default, the UDP port for

local RADIUS authentication

server is enabled.

Configure the parameters of

the local RADIUS server local-server nas-ip ip-address

key password

Required

By default, a local RADIUS

authentication server is

configured with an NAS IP

address of 127.0.0.1.