Applying a NAS-ID profile to port security

By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.

A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests from different VLANs. The strings can be organization names, service names, or any user categorization criteria, depending on the administrative requirements.

For example, map the NAS-ID companyA to all VLANs of company A. The device will send companyA in the NAS-Identifier attribute for the RADIUS server to identify requests from any Company A users.

You can apply a NAS-ID profile to port security globally or on a port. On a port, the device selects a NAS-ID profile in the following order:

  1. The port-specific NAS-ID profile.

  2. The NAS-ID profile applied globally.

If no NAS-ID profile is applied or no matching binding is found in the selected profile, the device uses the device name as the NAS-ID.

For more information about the NAS-ID profile configuration, see "Configuring AAA."

To apply a NAS-ID profile to port security:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Apply a NAS-ID profile.

  • In system view:port-security nas-id-profile profile-name

  • In interface view:

    1. interface interface-type interface-number

    2. port-security nas-id-profile profile-name

By default, no NAS-ID profile is applied in system view or in interface view.