.. _radius_policy: RADIUS Policy Settings ====================== This guide explains the condition settings and policy settings required to configure a RADIUS policy. Condition Settings ------------------ | Condition settings define the targets to which the policy applies. | You can specify policy targets using connection information. **Available Attributes** .. csv-table:: :header: "Attribute Item","Description" :class: longtable :widths: 20 80 User-name,Authenticated User Name Calling-Station-Id,MAC address of the requesting device Called-Stastion-Id,MAC address of the connected device (AP) Called-Station-SSID,SSID of the connected device (AP) Framed-IP-Address,IP address of the connected device NAS-Port,Physical port number of the connected device NAS-Identifier,Hostname of the connected device Service-Type,"Type of service to request or provide (login, callback login, authentication, etc.)" Fiter-Id,Name of the filter list for the connected user Login-IP-Host,System to connect to when using login service attributes Class, Vendor-Specific,Manufacturer name of the connected device NAS-Port-Type,"Type of connected port (wireless-802.11, ethernet, adsl, etc.)" Connect-Info, NAS-Port-ID,Port of the connected device Aruba-User-Role,User role name of Aruba AAA profile Aruba-Essid-Name,Aruba ESSID (Network consisting of one or more APs using the same SSID) Policy Settings --------------- | This item configures the policy to apply to authenticated users. | By default, it is set to allow/deny authenticated users. | You can grant additional attributes to authenticated users. **Additional Attributes** .. csv-table:: :header: "Attribute Item","Description","Example" :class: longtable :widths: 30 50 20 VLAN Number/Name (Tunnel-Private-Group-Id),VLAN Assignment,Number 1~4092 Cisco-AVPair(ip:inacl),ACL setting for Inbound packets,permit ip host 192.168.1.203 any Cisco-AVPair(ip:outacl),ACL setting for Outbound packets,deny ip host 192.168.1.203 any Cisco-AVPair(security-group-tag),Security Group Tag, Cisco-AVPair(url-redirect-acl),ACL name created on Cisco device, Cisco-AVPair(url-redirect),Redirect Address,http(s)://IP or DOMAIN Cisco(AVPair),Cisco AVPair Attribute,String Filter-ID,ACL name configured on the access device, NAS-Filter-Rule,ACL List Setting,permit in tcp from any to any Session-Timeout,Session termination value after authentication,Seconds Termination-Action,Action after session expiration,"1 (Re-authenticate), 0 (Terminate)" Manual Input,Direct input of detailed attribute values,String After completing the Basic Settings, Condition Settings, and Policy Settings, click the Update button at the bottom. For attribute items, please refer to the `RFC2865 `_ document.