EasyManua.ls Logo

Enterasys Matrix DFE-Gold Series

Enterasys Matrix DFE-Gold Series
944 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment clear cep
25-50 Authentication Configuration
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,
youcanusetheRADIUSFilterIDattributetodynamicallyassignapolicyprofileand/or
managementleveltoauthenticatingusersand/ordevices.
TheRADIUSFilterIDattributeissimplyastringthatisformattedintheRADIUSAccess
Accept
packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.
EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUSFilterIDattribute
thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned
uponsuccessfulauthentication.During
theauthenticationprocess,whentheRADIUSserver
returnsaRADIUSAccessAcceptmessagethatincludesaFilterIDmatchingapolicyprofilename
configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical
porttheuser/deviceisauthenticatingon.
Filter-ID Attribute Formats
EnterasysNetworkssupportstwoFilterIDformats“decorated”and“undecorated.”The
decoratedformathasthreeforms:
•Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess
authentication):
Enterasys:version=1:policy=string
wherestringspecifiesthepolicyprofilename.Policyprofilenamesarecasesensitive.
•Tospecifyamanagementlevel(managementaccess
authentication):
Enterasys:version=1:mgmt=level
wherelevelindicatesthemanagementlevel,eitherro,rw,orsu.
•Tospecifybothmanagementlevelandpolicyprofile:
Enterasys:version=1:mgmt=level:policy=string
Theundecoratedformatissimplyastringthatspecifiesapolicyprofilename.Theundecorated
formatcannotbeusedformanagementaccessauthentication.
DecoratedFilterIDsareprocessed
first.IfnodecoratedFilterIDsarefound,thenundecorated
FilterIDsareprocessed.IfmultipleFilterIDsarefoundthatcontainconflictingvalues,aSyslog
messageisgenerated.
Setting the Authentication Login Method
Purpose
Toconfiguretheauthenticationloginmethod.
Commands
Thecommandsusedtoconfiguretheauthenticationloginmethodarelistedbelowanddescribed
intheassociatedsectionasshown:

Table of Contents

Related product manuals