Example: Setting Up a VSA to Return Ridgeline Role Information - Extreme Networks Ridgeline Guide Manual

Concepts and solutions guide

If you have created your own custom roles, you can set a Vendor-Specific Attribute (VSA) to send the
appropriate role information along with the authentication status of the user.
There are a number of steps required to set up your RADIUS server to provide authentication and
authorization for Ridgeline users. The following provides an overview of the process. A detailed
example can be found in Appendix D, "Configuring RADIUS for Ridgeline Authentication".
1 Configure Ridgeline (using Ridgeline Administration) to act as a RADIUS client.
2 In your authentication database, create a Group for each administrative role you plan to use in
Ridgeline, and then configure the appropriate users with the appropriate group membership. For
example, if you want to authenticate both Ridgeline admin and manager users, you must create a
group for each one.
3 Within the RADIUS server, do the following:
- Add Ridgeline as a RADIUS client
- Create Remote Access Policies for each Ridgeline role, and associate each policy with the
appropriate Active Directory group. For example, if you plan to have both Ridgeline admin
and manager users, you must create a Remote Access Policy for each one, then associate each
policy with the appropriate group.
- Edit each Remote Access Policy to configure it with the appropriate Service Type attribute
value or VSA for the appropriate Ridgeline role.
The following examples briefly explain how to configure a remote access policy so that the RADIUS
server will pass role information to Ridgeline. If you have created custom roles for Ridgeline users, you
must use a VSA to handle that role information. If you are just using the predefined (built-in) roles in
Ridgeline, you can use either a Service Type setting, or a VSA. Examples of both are provided here.
See Appendix D, "Configuring RADIUS for Ridgeline Authentication" for a detailed example of
configuring Ridgeline and your RADIUS server to accomplish user authentication.

Example: Setting up a VSA to Return Ridgeline Role Information

The following is an example of how to set up the VSA in Windows 2000 for a custom (user-defined)
role named "AlarmsOnly". Note that you must have an Administrator Role in Ridgeline to perform
these steps.
This assumes that Ridgeline has been configured as a RADIUS client in Ridgeline Administration, and
on the RADIUS server. (See Appendix D, "Configuring RADIUS for Ridgeline Authentication" for a
detailed walk-through example of how to configure an external RADIUS server for Ridgeline
authentication.)
1 In Ridgeline Administration, create a role named "AlarmsOnly".
2 From the Internet Authentication Service (IAS), add or edit a Remote Access Policy.
Set up the policy conditions as appropriate.
Remote access policies are a set of conditions and connection parameters that are used to grant users
remote access permissions and connection usage.
3 Click "Edit Profile" to edit the remote access policy. Go to the "Advanced" tab and add a
"Vendor-Specific" attribute.
Set up the attribute with the following values:
Vendor code: 1916
Vendor-assigned attribute number: 210
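
To confirm which role the RADIUS server actually returns for a user, the attribute section of a captured Access-Accept can be decoded and checked for this VSA. The following is an added example, not taken from the Ridgeline guide. It assumes the standard RFC 2865 Vendor-Specific layout and that the attribute value is the role name as a string, which this page does not state; the function and constant names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
RIDGELINE_VENDOR_CODE = 1916  # "Vendor code" from the step above
ROLE_ATTR_NUMBER = 210        # "Vendor-assigned attribute number" from the step above


def build_vsa(vendor_code, attr_number, value):
    """Encode one sub-attribute wrapped in a Vendor-Specific attribute."""
    sub = struct.pack("!BB", attr_number, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_code) + sub


def iter_attributes(data):
    """Yield (type, value) for each TLV; reject length fields that do not fit."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError("attribute length out of range")
        yield a_type, data[pos + 2:pos + a_len]
        pos += a_len


def ridgeline_roles(attributes):
    """Return the role strings found in vendor 1916 / attribute 210 VSAs."""
    roles = []
    for a_type, body in iter_attributes(attributes):
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        (vendor_code,) = struct.unpack("!I", body[:4])
        if vendor_code != RIDGELINE_VENDOR_CODE:
            continue  # another vendor's VSA, not role information
        for v_type, v_val in iter_attributes(body[4:]):  # same TLV layout inside
            if v_type == ROLE_ATTR_NUMBER:
                roles.append(v_val.decode("ascii", errors="replace"))
    return roles


# Constructed sample: attribute section of an Access-Accept holding a
# Service-Type attribute (type 6) followed by the VSA for the custom role.
SAMPLE = struct.pack("!BBI", 6, 6, 6) + build_vsa(
    RIDGELINE_VENDOR_CODE, ROLE_ATTR_NUMBER, b"AlarmsOnly")

if __name__ == "__main__":
    print(SAMPLE.hex(), ridgeline_roles(SAMPLE))
```

An empty result for a user who should hold a custom role means the policy matched for that user did not attach the VSA, or attached it with a different vendor code or attribute number.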


This manual is also suitable for:

Ridgeline 3.0