RADIUS Policy Settings
This guide explains the required condition and policy settings for configuring RADIUS policies.
Condition Settings
Condition settings define the target to which the policy is applied.
You can use connection information to specify the policy target.
Available Attributes
| Attribute | Description |
|---|---|
| User-name | Authenticated user name |
| Calling-Station-Id | MAC address of the requesting device |
| Called-Station-Id | MAC address of the device (AP) being accessed |
| Called-Station-SSID | SSID of the accessed device (AP) |
| Framed-IP-Address | IP address of the accessed device |
| NAS-Port | Physical port number of the accessed device |
| NAS-Identifier | Hostname of the accessed device |
| Service-Type | Type of service requested or provided (login, callback login, authentication, etc.) |
| Filter-Id | Name of the filter list for the accessing user |
| Login-IP-Host | System to connect to when using login service attribute |
| Class | |
| Vendor-Specific | Manufacturer name of the accessed device |
| NAS-Port-Type | Type of port used for access (wireless-802.11, ethernet, adsl, etc.) |
| Connect-Info | |
| NAS-Port-ID | Port of the accessed device |
| Aruba-User-Role | User role name in Aruba AAA profile |
| Aruba-Essid-Name | Aruba ESSID (a network composed of one or more APs using the same SSID) |
Policy Settings
These settings define the policy to be applied to an authenticated user.
By default, the authenticated user is either allowed or denied access.
Additional attributes can be assigned to the authenticated user.
Additional Attributes
| Attribute | Description | Example |
|---|---|---|
| VLAN Number/Name (Tunnel-Private-Group-Id) | Assign VLAN | Number 1~4092 |
| Cisco-AVPair(ip:inacl) | ACL for inbound packets | permit ip host 192.168.1.203 any |
| Cisco-AVPair(ip:outacl) | ACL for outbound packets | deny ip host 192.168.1.203 any |
| Cisco-AVPair(security-group-tag) | Security group tag | |
| Cisco-AVPair(url-redirect-acl) | ACL name configured on Cisco device | |
| Cisco-AVPair(url-redirect) | Redirect URL | http(s)://IP or DOMAIN |
| Cisco(AVPair) | Cisco AVPair attribute | String |
| Filter-ID | ACL name configured on access device | |
| NAS-Filter-Rule | ACL rule list | permit in tcp from any to any |
| Session-Timeout | Session timeout after authentication | Seconds |
| Termination-Action | Action after session expires | 1 (Re-auth), 0 (Terminate) |
| Manual Input | Directly input detailed attribute values | String |
Once the default settings, condition settings, and policy settings are complete, click the Update button at the bottom.
For details on attribute fields, refer to RFC 2865.
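How a few of the additional attributes above are laid out as RFC 2865 Type-Length-Value fields in an Access-Accept, shown as an added example (not code from this product). The function names, the sample values, and the Tunnel-Type/Tunnel-Medium-Type pair sent alongside the VLAN (per RFC 3580) are assumptions of the example.

```python
import struct
from urllib.parse import urlparse

# Type codes: RFC 2865 (26, 27, 29) and RFC 2868 (64, 65, 81).
VENDOR_SPECIFIC, SESSION_TIMEOUT, TERMINATION_ACTION = 26, 27, 29
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1  # Cisco enterprise number, cisco-avpair sub-type


def tlv(attr_type: int, value: bytes) -> bytes:
    """One attribute: Type (1 octet), Length (1 octet, header included), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError(f"attribute {attr_type}: value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def cisco_avpair(key: str, value: str) -> bytes:
    """Vendor-Specific (26) wrapping a single 'key=value' Cisco-AVPair string."""
    data = f"{key}={value}".encode()
    sub = bytes([CISCO_AVPAIR, len(data) + 2]) + data
    return tlv(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def build_reply(vlan=None, session_timeout=None, termination_action=None,
                url_redirect=None) -> bytes:
    """Validate policy values against the table's ranges, then encode them."""
    out = b""
    if vlan is not None:
        if not 1 <= vlan <= 4092:
            raise ValueError("VLAN number must be 1..4092")
        # Assumption (RFC 3580): Tunnel-Type=VLAN(13), Tunnel-Medium-Type=IEEE-802(6).
        out += tlv(TUNNEL_TYPE, struct.pack("!I", 13))
        out += tlv(TUNNEL_MEDIUM_TYPE, struct.pack("!I", 6))
        out += tlv(TUNNEL_PRIVATE_GROUP_ID, str(vlan).encode())
    if session_timeout is not None:
        if not 0 < session_timeout < 2**32:
            raise ValueError("Session-Timeout is a positive 32-bit count of seconds")
        out += tlv(SESSION_TIMEOUT, struct.pack("!I", session_timeout))
    if termination_action is not None:
        if termination_action not in (0, 1):
            raise ValueError("Termination-Action must be 0 or 1")
        out += tlv(TERMINATION_ACTION, struct.pack("!I", termination_action))
    if url_redirect is not None:
        parsed = urlparse(url_redirect)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            raise ValueError("url-redirect must be an http(s) URL")
        out += cisco_avpair("url-redirect", url_redirect)
    return out


# Constructed sample policy: VLAN 20, one-hour session, re-authenticate on expiry.
SAMPLE = build_reply(vlan=20, session_timeout=3600, termination_action=1)
```

Rejecting out-of-range values before encoding keeps a mistyped VLAN or a non-http(s) redirect target from ever reaching the access device.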