nas-ip (RADIUS scheme view)
Use nas-ip to specify a source IP address for outgoing RADIUS packets.
Use undo nas-ip to delete the source IP address of the specified type for outgoing RADIUS packets.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip [ ipv6 ]
Default
The source IP address of an outgoing RADIUS packet is that specified by using the radius nas-ip command in system view.
If the radius nas-ip command is not configured, the source IP address is the primary IP address of the outbound interface.
Views
RADIUS scheme view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device. The IP address cannot be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot be a loopback address or a link-local address.
Usage guidelines
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS that is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address of a managed NAS.
If the source IP address of the packet is the IP address of a managed NAS, the server processes the packet.
If the source IP address of the packet is not the IP address of a managed NAS, the server drops the packet.
As a best practice, specify a loopback interface address as the source IP address for outgoing RADIUS packets to avoid RADIUS packet loss caused by physical port errors.
If you use both the nas-ip command and radius nas-ip command, the following guidelines apply:
The setting configured by using the nas-ip command in RADIUS scheme view applies only to the RADIUS scheme.
The setting configured by using the radius nas-ip command in system view applies to all RADIUS schemes.
The setting in RADIUS scheme view takes precedence over the setting in system view.
A RADIUS scheme can have only one source IPv4 address and one source IPv6 address for outgoing RADIUS packets.
If you do not specify the ipv6 keyword for the undo nas-ip command, the command deletes the configured source IPv4 address for outgoing RADIUS packets.
Examples
# In RADIUS scheme radius1, specify IP address 10.1.1.1 as the source IP address for outgoing RADIUS packets.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] nas-ip 10.1.1.1
Related commands
display radius scheme
radius nas-ip