RADIUS Policy Settings

This guide explains the condition settings and policy settings required to configure a RADIUS policy.

Condition Settings

Condition settings define the targets to which the policy applies.
You can specify policy targets using connection information.

Available Attributes

| Attribute Item | Description |
|---|---|
| User-name | Authenticated User Name |
| Calling-Station-Id | MAC address of the requesting device |
| Called-Station-Id | MAC address of the connected device (AP) |
| Called-Station-SSID | SSID of the connected device (AP) |
| Framed-IP-Address | IP address of the connected device |
| NAS-Port | Physical port number of the connected device |
| NAS-Identifier | Hostname of the connected device |
| Service-Type | Type of service to request or provide (login, callback login, authentication, etc.) |
| Filter-Id | Name of the filter list for the connected user |
| Login-IP-Host | System to connect to when using login service attributes |
| Class | |
| Vendor-Specific | Manufacturer name of the connected device |
| NAS-Port-Type | Type of connected port (wireless-802.11, ethernet, adsl, etc.) |
| Connect-Info | |
| NAS-Port-ID | Port of the connected device |
| Aruba-User-Role | User role name of Aruba AAA profile |
| Aruba-Essid-Name | Aruba ESSID (Network consisting of one or more APs using the same SSID) |

Policy Settings

This item configures the policy to apply to authenticated users.
By default, it is set to allow/deny authenticated users.
You can grant additional attributes to authenticated users.

Additional Attributes

| Attribute Item | Description | Example |
|---|---|---|
| VLAN Number/Name (Tunnel-Private-Group-Id) | VLAN Assignment | Number 1~4092 |
| Cisco-AVPair(ip:inacl) | ACL setting for Inbound packets | permit ip host 192.168.1.203 any |
| Cisco-AVPair(ip:outacl) | ACL setting for Outbound packets | deny ip host 192.168.1.203 any |
| Cisco-AVPair(security-group-tag) | Security Group Tag | |
| Cisco-AVPair(url-redirect-acl) | ACL name created on Cisco device | |
| Cisco-AVPair(url-redirect) | Redirect Address | http(s)://IP or DOMAIN |
| Cisco(AVPair) | Cisco AVPair Attribute | String |
| Filter-ID | ACL name configured on the access device | |
| NAS-Filter-Rule | ACL List Setting | permit in tcp from any to any |
| Session-Timeout | Session termination value after authentication | Seconds |
| Termination-Action | Action after session expiration | 1 (Re-authenticate), 0 (Terminate) |
| Manual Input | Direct input of detailed attribute values | String |

After completing the Basic Settings, Condition Settings, and Policy Settings, click the Update button at the bottom.

For details on each attribute item, refer to RFC 2865.
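
The following is an added example, not part of the product or its documentation: a small check that lints a policy's additional attributes against the value formats listed in the Additional Attributes table before the policy is saved. The dict layout, the function name validate_policy, and the host portal.example.com are assumptions made for illustration.

```python
# Added example: lint a policy's additional attributes before saving it.
# The dict layout and function name are assumptions, not the product's API.
import re
from urllib.parse import urlparse

ACL_RE = re.compile(r"(permit|deny) \S+ .+")
FILTER_RULE_RE = re.compile(r"(permit|deny) (in|out) \S+ from \S+ to \S+")

def validate_policy(attrs):
    """Return a list of problems in the reply attributes (empty list = OK)."""
    problems = []
    for name, raw in attrs.items():
        value = str(raw).strip()
        if name == "Tunnel-Private-Group-Id":
            # VLAN may be a name or a number; a number must be within 1~4092.
            if not value or (re.fullmatch(r"-?\d+", value) and not 1 <= int(value) <= 4092):
                problems.append(f"{name}: VLAN number must be 1~4092, got {value!r}")
        elif name in ("Cisco-AVPair(ip:inacl)", "Cisco-AVPair(ip:outacl)"):
            if not ACL_RE.fullmatch(value):
                problems.append(f"{name}: expected 'permit|deny <proto> ...', got {value!r}")
        elif name == "Cisco-AVPair(url-redirect)":
            url = urlparse(value)
            if url.scheme not in ("http", "https") or not url.hostname:
                problems.append(f"{name}: expected http(s)://IP or DOMAIN, got {value!r}")
        elif name == "NAS-Filter-Rule":
            if not FILTER_RULE_RE.match(value):
                problems.append(f"{name}: expected 'permit|deny in|out <proto> from <src> to <dst>', got {value!r}")
        elif name == "Session-Timeout":
            if not re.fullmatch(r"\d+", value):
                problems.append(f"{name}: expected whole seconds, got {value!r}")
        elif name == "Termination-Action":
            if value not in ("0", "1"):
                problems.append(f"{name}: expected 1 (Re-authenticate) or 0 (Terminate), got {value!r}")
    return problems

# Constructed sample policies; GOOD reuses values from the Example column.
GOOD = {"Tunnel-Private-Group-Id": 100,
        "Cisco-AVPair(ip:inacl)": "permit ip host 192.168.1.203 any",
        "Cisco-AVPair(url-redirect)": "https://portal.example.com/guest",
        "NAS-Filter-Rule": "permit in tcp from any to any",
        "Session-Timeout": 3600, "Termination-Action": 1}
BAD = {"Tunnel-Private-Group-Id": 4095,
       "Cisco-AVPair(url-redirect)": "portal.example.com",
       "NAS-Filter-Rule": "permit tcp any any",
       "Session-Timeout": "1h", "Termination-Action": 2}

if __name__ == "__main__":
    for problem in validate_policy(BAD):
        print(problem)
```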