Working with RADIUS attributes
Colubris AV-Pair - Site attribute values
Within each access list, traffic cascades through the list rules in a similar manner.
Access list rules are numbered according to the order in which they are specified. Only data
that is not accepted or denied by a rule is available to the next rule in the list.
Accounting support
Each rule in an access list can be configured with an account name for billing purposes. The
controller sends billing information based on the amount of traffic matched by the rule.
This lets you create rules to track and bill traffic to particular destinations.
Tips on using the access list
With certificates
If you replaced the default SSL certificate on the controller with one signed by a
well-known CA, you should define the access list to permit access to the CA certificate for all
non-authenticated users. This enables the user’s browser to verify that the certificate is
valid without displaying any warning messages.
Users may have configured their Web browsers to check all SSL certificates against the
Certificate Revocation List (CRL) maintained by the CA that issued the certificate. The
location of the CRL may be configured in the browser, or embedded in the certificate.
The access list should be configured to permit access to the CRL; otherwise, the user’s
browser times out before displaying the login page.
Remote login page
If you are using the remote login page feature, make sure that access to the Web server
hosting the login page is granted to all unauthenticated users via the site access list.
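The rule cascade, per-rule accounting, and the reachability tips above can be checked with a small model. This is an added example, not the controller's implementation or its configuration syntax; the Rule fields, addresses, ports and account name are constructed assumptions, and traffic that no rule matches is reported as NO MATCH because this page does not say how it is handled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                    # "ACCEPT" or "DENY"
    network: str                   # destination in CIDR form (model's choice)
    port: Optional[int] = None     # None matches any port
    account: Optional[str] = None  # optional billing account name

    def matches(self, dst, port):
        in_net = ip_address(dst) in ip_network(self.network)
        return in_net and self.port in (None, port)

def evaluate(rules, dst, port, nbytes=0, usage=None):
    """First matching rule decides; rules are numbered from 1 in list order."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(dst, port):
            if rule.account and usage is not None:
                # Bill the traffic this rule matched to its account.
                usage[rule.account] = usage.get(rule.account, 0) + nbytes
            return number, rule.action
    return None, "NO MATCH"  # nothing matched; handling is left to the caller

def blocked_prerequisites(rules, required):
    """Destinations unauthenticated users need that the list does not ACCEPT."""
    return [name for name, (dst, port) in required.items()
            if evaluate(rules, dst, port)[1] != "ACCEPT"]

# Constructed site access list, using documentation address ranges.
SITE_LIST = [
    Rule("DENY", "192.0.2.66/32"),                          # rule 1
    Rule("ACCEPT", "192.0.2.0/24", 80, account="ca-pki"),   # rule 2
    Rule("ACCEPT", "198.51.100.10/32", 443),                # rule 3
]
# Constructed hosts for the three items the tips say must stay reachable.
REQUIRED = {
    "CA certificate": ("192.0.2.10", 80),
    "CRL": ("192.0.2.66", 80),             # hit by rule 1 before rule 2
    "remote login page": ("198.51.100.10", 443),
}

if __name__ == "__main__":
    usage = {}
    print(evaluate(SITE_LIST, "192.0.2.10", 80, 1500, usage), usage)
    print("blocked:", blocked_prerequisites(SITE_LIST, REQUIRED))
```

The CRL host is reported as blocked because rule 1 denies it before rule 2 can accept it, which is the ordering effect the cascade description implies.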
[Figure: Incoming traffic is evaluated by Rule 1, Rule 2, and Rule 3 in order. Each rule has three outcomes: ACCEPT, DENY, or NO MATCH.]