Configuring the RADIUS DAS feature
About the RADIUS DAS feature
Dynamic Authorization Extensions (DAE) to RADIUS, defined in RFC 5176, can log off online users and change online user authorization information.
In a RADIUS network, the RADIUS server typically acts as the DAE client (DAC) and the NAS acts as the DAE server (DAS).
When the RADIUS DAS feature is enabled, the NAS performs the following operations:
Listens to the default or specified UDP port to receive DAE requests.
Logs off online users that match the criteria in the requests, changes their authorization information, shuts down or reboots their access ports, or reauthenticates the users.
Sends DAE responses to the DAC.
DAE defines the following types of packets:
Disconnect Messages (DMs)—The DAC sends DM requests to the DAS to log off specific online users.
Change of Authorization Messages (CoA Messages)—The DAC sends CoA requests to the DAS to change the authorization information of specific online users.
Procedure
Enter system view.
system-view
Enable the RADIUS DAS feature and enter RADIUS DAS view.
radius dynamic-author server
By default, the RADIUS DAS feature is disabled.
Specify a RADIUS DAC.
client { ip ipv4-address | ipv6 ipv6-address } [ key { cipher | simple } string | vpn-instance vpn-instance-name ] *
By default, no RADIUS DACs are specified.
(Optional.) Specify the RADIUS DAS port.
port port-number
By default, the RADIUS DAS port is 3799.
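The following Python sketch is an added example, not taken from this document or from the device software. It shows how a DAS can validate a DM or CoA request against its configured DACs: the source address must be a known DAC, and the Request Authenticator must match the RFC 5176 computation (MD5 over the header with a zeroed authenticator field, the attributes, and that DAC's shared key). The DAC address, key, and User-Name value are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

REQUEST_CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 5176

def request_authenticator(code, ident, attrs, secret):
    # MD5 over the header with a zeroed authenticator field, attributes, then key.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def parse_attributes(data):
    # Walk the type-length-value list, rejecting lengths that overrun the packet.
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2 or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        out.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

def validate_request(packet, src_ip, dacs):
    """Return (packet type, attributes) or raise. dacs maps DAC IP -> key bytes."""
    secret = dacs.get(src_ip)
    if secret is None:
        raise PermissionError("source is not a configured DAC")
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in REQUEST_CODES:
        raise ValueError("not a DM or CoA request")
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise PermissionError("Request Authenticator mismatch")
    return REQUEST_CODES[code], parse_attributes(attrs)

def make_sample_request(code, ident, attrs, secret):
    # Constructed test input: a well-formed request as a DAC would send it.
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

if __name__ == "__main__":
    dacs = {"192.0.2.10": b"constructed-key"}      # constructed DAC and key
    user = bytes([1, 7]) + b"alice"                 # User-Name (type 1), constructed
    pkt = make_sample_request(40, 1, user, b"constructed-key")
    print(validate_request(pkt, "192.0.2.10", dacs))
```

A request from an address that is not in the DAC list, or one whose authenticator was computed with a different key, is rejected before any attribute is parsed.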