Configuring a RADIUS user

This task is to create a RADIUS user and configure a set of attributes for the user on a switch that serves as the RADIUS server. The user attributes include the password, authorization attribute, expiration time, and user description. After completing this task, the specified RADIUS user can use the username and password for RADIUS authentication on the switch.

You can use the authorization-attribute command to specify an authorization ACL and authorized VLAN, which is assigned by the RADIUS server to the RADIUS client (the NAS) after the RADIUS user passes authentication. The NAS then uses the assigned ACL and VLAN to control user access. If the assigned ACL does not exist on the NAS, ACL assignment fails and the NAS forcibly logs out the RADIUS user. If the assigned VLAN does not exist on the NAS, the NAS creates the VLAN and adds the RADIUS user or the access port to the VLAN.

To configure a RADIUS user:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create a RADIUS user and enter RADIUS server user view.

radius-server user user-name

No RADIUS user exists by default.

3. Configure a password for the RADIUS user.

password [ cipher | simple ] password

Optional.

By default, no password is specified.

4. Configure the authorization attribute for the RADIUS user.

authorization-attribute { acl acl-number | vlan vlan-id } *

Optional.

Not configured by default.

5. Set the expiration time for the RADIUS user.

expiration-date time

Optional.

By default, no expiration time is set, and the system does not check users' expiration time.

6. Configure a description for the RADIUS user.

description text

Optional.

Not configured by default.