Configuring a NAS-ID profile
By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.
A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests from different VLANs. The strings can be organization names, service names, or any user categorization criteria, depending on the administrative requirements.
For example, map the NAS-ID companyA to all VLANs of company A. The device will send companyA in the NAS-Identifier attribute for the RADIUS server to identify requests from any Company A users.
You can apply a NAS-ID profile to portal- or port security-enabled interfaces. For more information, see "Configuring portal" and "Configuring port security."
A NAS-ID can be bound with more than one VLAN, but a VLAN can be bound with only one NAS-ID.
To configure a NAS-ID profile:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a NAS-ID profile and enter NAS-ID profile view. | aaa nas-id profile profile-name | N/A |
3. Configure a NAS-ID and VLAN binding in the profile. | nas-id nas-identifier bind vlan vlan-id | By default, no NAS-ID and VLAN binding exists. |