user host 10.1.1.25 svc-dns permit time-range working-hours
user alias "Internal Network" any deny
user any svc-http permit time-range working-hours
user any svc-https permit time-range working-hours
user any any deny
(host)(config) #user-role guest
session-acl guest
Creating Roles and Policies for Sysadmin and Computer
The allowall policy, a predefined policy, allows unrestricted access to the network. The allowall policy is
mapped to both the sysadmin user role and the computer user role.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > User Roles page. Click Add to create the
sysadmin role.
2. For Role Name, enter sysadmin.
3. Under Firewall Policies, click Add. In Choose from Configured Policies, select the predefined allowall policy.
Click Done.
4. Click Apply.
In the CLI
(host)(config) #user-role sysadmin
session-acl allowall
Creating a computer role
In the WebUI
1. Navigate to the Configuration > Security > Access Control > User Roles page. Click Add to create the
computer role.
2. For Role Name, enter computer.
3. Under Firewall Policies, click Add. In Choose from Configured Policies, select the predefined allowall policy.
Click Done.
4. Click Apply.
In the CLI
Use the following command to create a computer role:
(host)(config) #user-role computer
session-acl allowall
Creating an Alias for the Internal Network
In the CLI
(host)(config) #netdestination "Internal Network"
network 10.0.0.0 255.0.0.0
network 172.16.0.0 255.255.0.0
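The following added example (not part of the original guide) models first-match evaluation of the guest policy rules shown earlier against the "Internal Network" alias, so the effect of the rule order can be checked before deployment. The working-hours window (weekdays 08:00-17:00), the treatment of a time-range rule as inactive outside its range, and the sample addresses are assumptions.

```python
import ipaddress
from datetime import datetime

# Alias from the page: netdestination "Internal Network"
INTERNAL = [ipaddress.ip_network("10.0.0.0/255.0.0.0"),
            ipaddress.ip_network("172.16.0.0/255.255.0.0")]
# Service aliases used by the guest policy: (protocol, port)
SERVICES = {"svc-dns": ("udp", 53), "svc-http": ("tcp", 80), "svc-https": ("tcp", 443)}
# Guest policy rules in page order: (destination, service, action, time_limited)
GUEST_ACL = [
    ("host 10.1.1.25", "svc-dns", "permit", True),
    ("alias", "any", "deny", False),
    ("any", "svc-http", "permit", True),
    ("any", "svc-https", "permit", True),
    ("any", "any", "deny", False),
]

def in_working_hours(when):
    # Assumption: weekdays 08:00-17:00 (the time-range definition is not shown here)
    return when.weekday() < 5 and 8 <= when.hour < 17

def dest_matches(dest, ip):
    if dest == "any":
        return True
    if dest.startswith("host "):
        return ip == ipaddress.ip_address(dest[5:])
    return any(ip in net for net in INTERNAL)  # the "Internal Network" alias

def evaluate(dst_ip, proto, port, when):
    """Return (action, rule_number) for the first active rule that matches."""
    ip = ipaddress.ip_address(dst_ip)
    for number, (dest, svc, action, timed) in enumerate(GUEST_ACL, 1):
        if timed and not in_working_hours(when):
            continue  # assumption: a time-range rule is inactive outside its range
        if not dest_matches(dest, ip):
            continue
        if svc != "any" and SERVICES[svc] != (proto, port):
            continue
        return action, number
    return "deny", 0  # nothing matched

if __name__ == "__main__":
    day, night = datetime(2024, 1, 8, 10, 0), datetime(2024, 1, 8, 22, 0)  # constructed
    for case in [("10.1.1.25", "udp", 53, day), ("10.1.1.21", "tcp", 80, day),
                 ("203.0.113.10", "tcp", 443, day), ("203.0.113.10", "tcp", 80, night),
                 ("10.1.1.25", "udp", 53, night)]:
        print(case[:3], case[3].strftime("%H:%M"), "->", evaluate(*case))
```

Because the alias lists 172.16.0.0 with mask 255.255.0.0, an address such as 172.20.1.1 is not covered by the internal deny rule and is evaluated by the web rules that follow it.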
Configuring the RADIUS Authentication Server
Configure the RADIUS server IAS1, with IP address 10.1.1.21 and shared key. The RADIUS server is configured
to send an attribute called Class to the switch; the value of this attribute is set to either “student,” “faculty,” or
“sysadmin” to identify the user’s group. The switch uses the literal value of this attribute to determine the role
name.
AOS-W 6.5.3.x | User Guide 802.1X Authentication | 275