Parameter Description
Role or VLAN The server derivation rules apply to either user role or VLAN assignment. With
Role assignment, a client can be assigned a specific role based on the attributes
returned. In VLAN assignment, the client can be placed in a specific VLAN based
on the attributes returned.
Attribute This is the attribute returned by the authentication server that is examined for
Operation and Operand match.
Operation This is the match method by which the string in Operand is matched with the
attribute value returned by the authentication server.
n contains : The rule is applied if and only if the attribute value contains the
string in parameter Operand.
n starts-with : The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand.
n ends-with : The rule is applied if and only if the attribute value returned ends
with the string in parameter Operand.
n equals : The rule is applied if and only if the attribute value returned equals
the string in parameter Operand.
n not-equals : The rule is applied if and only if the attribute value returned is
not equal to the string in parameter Operand.
n value-of : This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful,
the role and the VLAN ID returned as the value of the attribute selected
must be already configured on the switch when the rule is applied.
Operand This is the string to which the value of the returned attribute is matched.
Value The user role or the VLAN name applied to the client when the rule is matched.
position Position of the condition rule. Rules are applied based on the first match
principle. One is the top.
Default: bottom
Table 51: Server Rule Configuration Parameters
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Server Group to display the Server Group list.
3. Enter the name of the new server group and click Add.
4. Select the name to configure the server group.
5. Under Servers, click New to add a server to the group.
a. Select a server from the drop-down list and click Add.
b. Repeat the above step to add other servers to the group.
6. Under Server Rules, click New to add server derivation rules for assigning a user role or VLAN.
a. Enter the attribute.
b. Select the operation from the drop-down list.
c. Enter the operand.
d. To set the role, select set role from the Set drop-down list and enter the value to be assigned from the
Value drop-down list.
e. Or, to set the vlan, select set vlan from the Set drop-down list and select the VLAN name or ID from the
Value drop-down list and click the left-arrow.
AOS-W 6.5.3.x | User Guide Authentication Servers | 204
To Next Page
Loading...