Applying a NAS-ID profile to an interface

About applying a NAS-ID profile to an interface

By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.

A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests from different VLANs. The strings can be organization names, service names, or any user categorization criteria, depending on the administrative requirements.

For example, map the NAS-ID companyA to all VLANs of company A. The device will send companyA in the NAS-Identifier attribute for the RADIUS server to identify requests from any Company A users.

Restrictions and guidelines

You can apply a NAS-ID profile to a portal-enabled interface. If no NAS-ID profile is specified on the interface or no matching NAS-ID is found in the specified profile, the device uses the device name as the interface NAS-ID.

Procedure

  1. Enter system view.

    system-view

  2. Create a NAS-ID profile and enter NAS-ID profile view.

    aaa nas-id profile profile-name

    For more information about this command, see Security Command Reference.

  3. Configure a NAS ID and VLAN binding in the profile.

    nas-id nas-identifier bind vlan vlan-id

    For more information about this command, see Security Command Reference. Portal access matches only the inner VLAN ID of QinQ packets. For more information about QinQ, see Layer 2—LAN Switching Configuration Guide.

  4. Specify the NAS-ID profile on the interface.

    1. Return to system view.

      quit

    2. Enter Layer 3 interface view.

      interface interface-type interface-number

    3. Specify the NAS-ID profile on the interface.

      portal nas-id-profile profile-name