Table of Contents
Advertisement
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
If you configure an authentication method that requires communication with a RADIUS server,
you can use the RADIUS Filter‐ID attribute to dynamically assign a policy profile and/or
management level to authenticating users and/or devices.
The RADIUS Filter‐ID attribute is simply a string that is formatted in the RADIUS Access‐Accept
packet sent back from the RADIUS server to the switch during the authentication process.
Each user can be configured in the RADIUS server database with a RADIUS Filter‐ID attribute
that specifies the name of the policy profile and/or management level the user should be assigned
upon successful authentication. During the authentication process, when the RADIUS server
returns a RADIUS Access‐Accept message that includes a Filter‐ID matching a policy profile name
configured on the switch, the switch then dynamically applies the policy profile to the physical
port the user/device is authenticating on.
Filter-ID Attribute Formats
Enterasys Networks supports two Filter‐ID formats — "decorated" and "undecorated." The
decorated format has three forms:
•
To specify the policy profile to assign to the authenticating user (network access
authentication):
Enterasys:version=1:policy=string
where string specifies the policy profile name. Policy profile names are case‐sensitive.
•
To specify a management level (management access authentication):
Enterasys:version=1:mgmt=level
where level indicates the management level, either ro, rw, or su.
•
To specify both management level and policy profile:
Enterasys:version=1:mgmt=level:policy=string
The undecorated format is simply a string that specifies a policy profile name. The undecorated
format cannot be used for management access authentication.
Decorated Filter‐IDs are processed first. If no decorated Filter‐IDs are found, then undecorated
Filter‐IDs are processed. If multiple Filter‐IDs are found that contain conflicting values, a Syslog
message is generated.
Setting the Authentication Login Method
Purpose
To configure the authentication login method.
Commands
The commands used to configure the authentication login method are listed below and described
in the associated section as shown:
25-50 Authentication Configuration
clear cep
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Enterasys Matrix DFE-Gold Series and is the answer not in the manual?