Working with RADIUS attributes
Colubris AV-Pair - Site attribute values
The following table shows possible results when polling is active for both the primary and
secondary servers.
Example
The following creates an access list called redirect which is used to redirect HTTP traffic for
authenticated users to either srv1.mycompany.com or srv2.mycompany.com depending
on which one is active. Port 8080 is used to forward traffic. If neither the primary nor
the secondary DNAT-SERVER is available, all traffic is accepted.
The following entry is added to the local profile for the controller:
access-list=redirect,DNAT-SERVER,tcp,all,80
access-list=redirect,ACCEPT,all,all,all
The following entry is added to the RADIUS profile for each user:
dnat-server=redirect,srv1.mycompany.com,8080,srv2.mycompany.com,8080
Server 1   Server 2   Description
UP         UP         Traffic matching the DNAT-SERVER rule is forwarded to server 1.
UP         DOWN       Traffic matching the DNAT-SERVER rule is forwarded to server 1.
DOWN       UP         Traffic matching the DNAT-SERVER rule is forwarded to server 2.
DOWN       DOWN       No action is performed for the DNAT-SERVER rule. Processing moves to the next rule in the list. To accept all traffic if both servers are down, define this rule as: ACCEPT,all,all,all
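
The four polling outcomes in the table, modelled as an added example (not code from this guide or from the controller): it parses the access-list and dnat-server entries shown above and walks the list for a given set of reachable servers. The function names, the field order read off the sample entries, and the NO-MATCH result are assumptions of this sketch.

```python
# Added example: models the rule processing described in the table above.
# Field order (list, action, protocol, address, port) is read off the page's
# sample entries; it is an assumption, not the controller's implementation.
LOCAL_PROFILE = [
    "access-list=redirect,DNAT-SERVER,tcp,all,80",
    "access-list=redirect,ACCEPT,all,all,all",
]
USER_PROFILE = "dnat-server=redirect,srv1.mycompany.com,8080,srv2.mycompany.com,8080"


def parse_access_list(entries):
    """Return {list_name: [(action, protocol, address, port), ...]} in order."""
    lists = {}
    for entry in entries:
        key, _, value = entry.partition("=")
        if key != "access-list":
            raise ValueError(f"not an access-list entry: {entry!r}")
        name, action, proto, addr, port = value.split(",")
        lists.setdefault(name, []).append((action, proto, addr, port))
    return lists


def parse_dnat_server(entry):
    """Return (list_name, [(host, port), (host, port)]), primary first."""
    key, _, value = entry.partition("=")
    if key != "dnat-server":
        raise ValueError(f"not a dnat-server entry: {entry!r}")
    name, h1, p1, h2, p2 = value.split(",")
    return name, [(h1, int(p1)), (h2, int(p2))]


def evaluate(rules, servers, up, proto, port):
    """Walk the list top-down; `up` is the set of hosts polling reports UP.
    Address matching is omitted because both sample rules use 'all'."""
    for action, r_proto, _addr, r_port in rules:
        if r_proto not in ("all", proto) or r_port not in ("all", str(port)):
            continue
        if action == "DNAT-SERVER":
            live = [s for s in servers if s[0] in up]
            if live:
                return ("DNAT", live[0])  # primary if UP, else secondary
            continue  # both DOWN: no action, move to the next rule
        return (action, None)
    return ("NO-MATCH", None)  # the page does not describe this case
```

In the DOWN/DOWN case the result depends entirely on the rule that follows DNAT-SERVER; with the ACCEPT,all,all,all entry from the example, HTTP traffic passes without being redirected.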