The radius-server authorization match-type command configures the method in which the device checks whether the RADIUS attributes in the received CoA or DM Request packet match user information on the device.
The undo radius-server authorization match-type command restores the default setting.
By default, a device checks whether the RADIUS attributes in the received CoA or DM Request packet match user information on the device using the any method, namely, the device checks whether a specific RADIUS attribute in the received CoA or DM Request packet matches user information on the device.
radius-server authorization match-type { any | all }
undo radius-server authorization match-type
Parameter |
Description |
Value |
|---|---|---|
any |
Indicates that the device checks whether a specified attribute matches user information on the device. |
- |
all |
Indicates that the device checks whether all attributes match user information on the device. |
- |
Usage Scenario
all method: The device checks whether all attributes match user information on the device. It identifies the following RADIUS attributes used by users in the listed order: Acct-Session-ID (44), Calling-Station-Id (31), Framed-IP-Address (8), and User-Name (1). The device matches one or more of the preceding attributes in the Request packet against user information on the device. If all the attributes are successfully matched, the device responds with an ACK packet; otherwise, the device responds with a NAK packet.
Precautions
When the RADIUS attribute translation function is configured in the RADIUS template using the radius-attribute translate command, the match will fail.
Currently, the any method supports only the Acct-Session-ID (44), Calling-Station-Id (31), and Framed-IP-Address (8) attributes. The device does not match other attributes against user information on the device.