Configuring the RADIUS attribute translation feature

About RADIUS attribute translation

The RADIUS attribute translation feature enables the device to work correctly with the RADIUS servers of different vendors that support RADIUS attributes incompatible with the device.

RADIUS attribute translation has the following implementations:

When the RADIUS attribute translation feature is enabled, the device processes RADIUS packets as follows:

To identify proprietary RADIUS attributes, you can define the attributes as extended RADIUS attributes, and then convert the extended RADIUS attributes to device-supported attributes.

Restrictions and guidelines for RADIUS attribute translation configuration

Configure either conversion rules or rejection rules for a RADIUS attribute.

Configure either direction-based rules or packet type-based rules for a RADIUS attribute.

For direction-based translation of a RADIUS attribute, you can configure a rule for each direction (inbound or outbound). For packet type-based translation of a RADIUS attribute, you can configure a rule for each RADIUS packet type (RADIUS Access-Accept, RADIUS Access-Request, or RADIUS accounting).

Configuring the RADIUS attribute translation feature for a RADIUS scheme

  1. Enter system view.

    system-view

  2. (Optional.) Define an extended RADIUS attribute.

    radius attribute extended attribute-name [ vendor vendor-id ] code attribute-code type { binary | date | integer | interface-id | ip | ipv6 | ipv6-prefix | octets | string }

  3. Enter RADIUS scheme view.

    radius scheme radius-scheme-name

  4. Enable the RADIUS attribute translation feature.

    attribute translate

    By default, this feature is disabled.

  5. Configure a RADIUS attribute conversion rule or a RADIUS attribute reject rule. Choose the following tasks as needed:

    • Configure a RADIUS attribute conversion rule.

      attribute convert src-attr-name to dest-attr-name { { access-accept | access-request | accounting } * | { received | sent } * }

      By default, no RADIUS attribute conversion rules are configured.

    • Configure a RADIUS attribute rejection rule.

      attribute reject attr-name { { access-accept | access-request | accounting } * | { received | sent } * }

      By default, no RADIUS attribute rejection rules are configured.

Configuring the RADIUS attribute translation feature for a RADIUS DAS

  1. Enter system view.

    system-view

  2. (Optional.) Define an extended RADIUS attribute.

    radius attribute extended attribute-name [ vendor vendor-id ] code attribute-code type { binary | date | integer | interface-id | ip | ipv6 | ipv6-prefix | octets | string }

  3. Enter RADIUS DAS view.

    radius dynamic-author server

  4. Enable the RADIUS attribute translation feature.

    attribute translate

    By default, this feature is disabled.

  5. Configure a RADIUS attribute conversion rule or a RADIUS attribute rejection rule. Choose the following tasks as needed:

    • Configure a RADIUS attribute conversion rule.

      attribute convert src-attr-name to dest-attr-name { { coa-ack | coa-request } * | { received | sent } * }

      By default, no RADIUS attribute conversion rules are configured.

    • Configure a RADIUS attribute rejection rule.

      attribute reject attr-name { { coa-ack | coa-request } * | { received | sent } * }

      By default, no RADIUS attribute rejection rules are configured.