Table of Contents
Advertisement
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New RADIUS server page where you can select the RADIUS
accounting server from the drop-down list.
Mapping
Define the rules to determine if the user is authenticated. For each rule:
1.
RADIUS
a)
attributes to
b)
roles
c)
d)
Optional. Use the commands included in the Row Management drop-down list to
2.
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.
Remember, the BSC evaluates rules in the order in which they are listed here on the
New RADIUS server page.
Select the default user role from the Default role drop-down list. The selected default
3.
role is the role the BSC assigns the user if none of rules is true.
Access Control
Optional. Return the MAC and IP addresses stored on the RADIUS server's access control
Lists
lists for the user authenticated into this role.
To return a list of MAC addresses allowed for this user, enter the appropriate RADIUS
server attribute in the MAC ACL Attribute field (case-sensitive). To allow this user to be
authenticated from any MAC address, in the access control list on the RADIUS server,
enter the string "exception" instead of a MAC address for this user. Use commas as
delimiters when entering multiple attributes. The format of the MAC address is
00:00:00:...
To return a list of IP addresses allowed for this user, enter the appropriate RADIUS server
attribute in the IP ACL Attribute field. To allow this user to be authenticated from any IP
address, in the access control list on the RADIUS server, enter the string "exception"
instead of an IP address for this user.
Post Login
Optional. Enter a Redirect URL Attribute to specify a URL to which the user should be
redirected.
Note that there are two other places in the UI in which redirection can be specified. The
user is redirected to one of the following URLs (if specified) in the order of precedence
listed:
1.
The Redirect URL Attribute field on either the RADIUS page or the LDAP page
accessed on the User Authentication tab. (See "RADIUS Authentication" on page 6-2
and "LDAP/Active Directory Authentication" on page 6-6.)
The URL Redirect field on the Edit Role page ("Defining a Role" on page 8-4).
2.
BlueSecure™ Controller Setup and Administration Guide
Enter the appropriate RADIUS attribute in the Attribute field.
Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
Enter the appropriate value to check against the specified attribute in the Value
field.
Select the role to assign to the user if the rule evaluates as true and the user is
authenticated from the Role drop-down list.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2to
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that
enables you to define a new role. After you save the role information, you are
returned to the New RADIUS server page where you can select the role from the
drop-down list.
RADIUS Authentication
6-5
Advertisement
Table of Contents
