RADIUS Configuration Task List 259RADIUS servers cannot accept the user names that carry ISP domain names. Inthis case, it is necessary to remove domain names from user names beforesending the user names to RADIUS server. For this reason, theuser-name-format command is designed for you to specify whether or notISP domain names are carried in the user names to be sent to RADIUS server.■ For a RADIUS scheme, if you have specified to remove ISP domain names fromuser names, you should not use this RADIUS scheme in more than one ISPdomain. Otherwise, such errors may occur: the RADIUS server regards twodifferent users having the same name but belonging to different ISP domainsas the same user (because the usernames sent to it are the same).■ In the default RADIUS scheme "system", ISP domain names are removed fromuser names by default.■ The purpose of setting the MAC address format of the Calling-Station-Id (Type31) field in RADIUS packets is to improve the switch’s compatibility withdifferent RADIUS servers. This setting is necessary when the format ofCalling-Station-Id field recognizable to RADIUS servers is different from thedefault MAC address format on the switch. For details about field formatsrecognizable to RADIUS servers, refer to the corresponding RADIUS servermanual.Configuring the LocalRADIUS AuthenticationServer FunctionThe switch provides the local RADIUS server function (including authentication andauthorization), also known as the local RADIUS authentication server function, inaddition to RADIUS client service, where separate authentication/authorizationserver and the accounting server are used for user authentication.c CAUTION:■ If you adopt the local RADIUS authentication server function, the UDP portnumber of the authentication/authorization server must be 1645, the UDP portnumber of the accounting server must be 1646, and the IP addresses of theservers must be set to the addresses of this switch.■ The message encryption key set by the local-server nas-ip ip-address keypassword command must be identical with the authentication/authorizationmessage encryption key set by the key authentication command in theRADIUS scheme view of the RADIUS scheme on the specified NAS that usesthis switch as its authentication server.■ The switch supports IP addresses and shared keys for up to 16 network accessservers (NAS). That is, when acting as the local RADIUS authentication server,Table 198 Configure the local RADIUS authentication server functionOperation Command RemarksEnter system view system-view -Enable UDP port for localRADIUS authentication serverlocal-server enable OptionalBy default, the UDP port forlocal RADIUS authenticationserver is enabled.Configure the parameters ofthe local RADIUS serverlocal-server nas-ipip-address key passwordRequiredBy default, a local RADIUSauthentication server isconfigured with an NAS IPaddress of 127.0.0.1.
