Command Manual (For Soliton) – AAA
H3C S3100 Series Ethernet Switches
Chapter 1 AAA Configuration Commands
1-44
Parameters
nas-ip ip-address
: Specifies the IP address of a network access server (NAS) that can
use the local RADIUS services. Here,
ip-address
is in dotted decimal notation.
key password
: Sets the shared key between the local RADIUS server and the NAS.
Here,
password
is a string of up to 16 characters.
Description
Use the
local-server nas-ip
command to set the related parameters of the local
RADIUS server.
Use the
undo local-server nas-ip
command to cancel a specified NAS setting for the
local RADIUS server.
By default, the local RADIUS server is enabled and it allows the access of NAS
127.0.0.1. That is, the local device serves as both a RADIUS server and a network
access server, and all authentications are performed locally. The default share key is
null.
Note that:
z
The message encryption key set by the
local-server nas-ip ip-address key
password
command must be identical with the authentication/authorization
message encryption key set by the
key authentication
command in the RADIUS
scheme view of the RADIUS scheme on the specified NAS that uses this switch as
its authentication server.
z
The switch supports the IP addresses and shared keys of at most 16 network
access servers (including the local device); that is, when the switch serves as a
RADIUS server, it can provide authentication service to at most 16 NASs
simultaneously.
z
When serving as a local RADIUS server, the switch does not support EAP
authentication.
Related commands:
radius scheme
,
state
,
local-server enable
.
Examples
# Allow the local RADIUS server to provide services to NAS 10.110.1.2 with shared key
aabbcc.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] local-server nas-ip 10.110.1.2 key aabbcc
1.2.12 nas-ip
Syntax
nas-ip
ip-address