Applying a NAS-ID profile to port security

About NAS-ID profiles

By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.

A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests from different VLANs. The strings can be organization names, service names, or any user categorization criteria, depending on the administrative requirements.

For example, map the NAS-ID companyA to all VLANs of Company A. The device then sends companyA in the NAS-Identifier attribute so that the RADIUS server can identify requests from any Company A user.

Restrictions and guidelines

You can apply a NAS-ID profile to port security globally or on a port. On a port, the device selects a NAS-ID profile in the following order:

  1. The port-specific NAS-ID profile.

  2. The NAS-ID profile applied globally.

If no NAS-ID profile is applied or no matching binding is found in the selected profile, the device uses the device name as the NAS-ID.

For more information about the NAS-ID profile configuration, see "Configuring AAA."
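
The selection order and fallback above, modelled in Python as an added example (not vendor or device code). It follows the page's wording that only the selected profile is searched for a binding, and it lists the port/VLAN pairs whose requests would carry the device name; the profile names, VLAN IDs, port names and device name are constructed sample values.

```python
# Added model of the NAS-ID selection order described above; not device code.
# Profile names, VLAN IDs, port names and the device name are constructed samples.

def select_nas_id(device_name, profiles, global_profile, port_profiles, port, vlan):
    """Return (nas_id, source) for a RADIUS request from `vlan` on `port`."""
    # 1. The port-specific profile wins; 2. otherwise the globally applied one.
    name = port_profiles.get(port) or global_profile
    if name is None:
        return device_name, "device name (no profile applied)"
    # Only the selected profile is searched for a binding. A miss falls back
    # to the device name, not to the other profile.
    nas_id = profiles.get(name, {}).get(vlan)
    if nas_id is None:
        return device_name, f"device name (no binding in {name})"
    return nas_id, f"profile {name}"


def audit_fallbacks(device_name, profiles, global_profile, port_profiles, port_vlans):
    """List (port, vlan) pairs whose requests would carry the device name."""
    misses = []
    for port, vlans in sorted(port_vlans.items()):
        for vlan in sorted(vlans):
            nas_id, _ = select_nas_id(device_name, profiles, global_profile,
                                      port_profiles, port, vlan)
            if nas_id == device_name:
                misses.append((port, vlan))
    return misses


# Constructed sample data: profile name -> {VLAN ID: NAS-ID string}
PROFILES = {
    "global-prof": {10: "companyA", 11: "companyA", 20: "companyB"},
    "port-prof": {20: "companyB-guest"},
}
GLOBAL_PROFILE = "global-prof"
PORT_PROFILES = {"GE1/0/2": "port-prof"}   # GE1/0/1 has no port-specific profile
PORT_VLANS = {"GE1/0/1": [10, 20, 30], "GE1/0/2": [10, 20]}
DEVICE_NAME = "access-sw-01"

if __name__ == "__main__":
    for port, vlans in PORT_VLANS.items():
        for vlan in vlans:
            print(port, vlan, select_nas_id(DEVICE_NAME, PROFILES, GLOBAL_PROFILE,
                                            PORT_PROFILES, port, vlan))
    print("fallback to device name:",
          audit_fallbacks(DEVICE_NAME, PROFILES, GLOBAL_PROFILE, PORT_PROFILES, PORT_VLANS))
```

In the sample, VLAN 10 on GE1/0/2 is bound in the global profile but not in the port-specific one, so its requests carry the device name; RADIUS server policy that matches on NAS-Identifier has to account for that value.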

Procedure

  1. Enter system view.

    system-view

  2. Apply a NAS-ID profile.

    • Apply a NAS-ID profile globally.

      port-security nas-id-profile profile-name

    • Execute the following commands in sequence to apply a NAS-ID profile to an interface:

      interface interface-type interface-number

      port-security nas-id-profile profile-name

    By default, no NAS-ID profile is applied in system view or in interface view.