Using Identity Management
Figure 197: User Matched to a Defined Role
[Figure label: user login: sharpster]
Role-Based Access Control
You enable role-based access control on the switches and ports where user login data is identified. Then
you define user roles that include conditions to match the user who has logged into the network.
Roles, Policies, and Rules
Roles
Ridgeline's role-based access control supports two default roles:
● Authenticated
● Unauthenticated
Authenticated identities are those detected through netlogin (any of the netlogin methods) or through
Kerberos snooping.
When a query is sent to Active Directory, the query searches the user attributes. Based on the LDAP
attributes that the switch receives, Ridgeline places these attributes under a configured role. If the
attributes match those on the server, they are classified under the authenticated role.
Ridgeline classifies as unauthenticated any role attributes that cannot be identified as a user-configured role.
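The matching step described above, as an added example that is not part of the Ridgeline guide or product code: it checks a user's LDAP attributes against the match criteria shown in Figure 197 and returns the user-defined role, or nothing when no role matches. The attribute key names, the rule that all criteria must match, exact string comparison, first-match ordering and the sample directory records are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Mapping


@dataclass(frozen=True)
class Role:
    name: str
    criteria: Mapping[str, str]  # LDAP attribute -> required value

    def __post_init__(self):
        # A role with no criteria, or a blank value, would match far too broadly.
        if not self.criteria or any(not v for v in self.criteria.values()):
            raise ValueError(f"role {self.name!r} needs non-empty match criteria")


def _values(attrs, key):
    """LDAP attributes may be single- or multi-valued; normalise to a list."""
    raw = attrs.get(key)
    if raw is None:
        return []
    return list(raw) if isinstance(raw, (list, tuple, set)) else [raw]


def role_matches(role, attrs):
    """Every criterion must be present with an exactly equal value (assumed AND)."""
    return all(want in _values(attrs, key) for key, want in role.criteria.items())


def match_role(attrs, roles):
    """Return the first user-defined role that matches, or None (assumed ordering)."""
    for role in roles:
        if role_matches(role, attrs):
            return role.name
    return None


# Match criteria from Figure 197; the attribute key names are assumed.
US_ENGINEER = Role("US Engineer", {"company": "EXTR", "state": "CA", "department": "NMS"})

# Constructed directory records for the two logins named in the figure.
DIRECTORY = {
    "sharpster": {"company": "EXTR", "state": "CA", "department": ["NMS"]},
    "rrodgers": {"company": "EXTR", "state": "CA"},  # department attribute missing
}

if __name__ == "__main__":
    for login, attrs in DIRECTORY.items():
        print(login, "->", match_role(attrs, [US_ENGINEER]))
```

A missing attribute never satisfies a criterion, so an incomplete directory record cannot land in a user-defined role by accident.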
[Figure 197 labels: users "rrodgers" and "sharpster"; Active Directory match criteria: Company = "EXTR", State = "CA", Department = "NMS"; Role = "US Engineer"]
Ridgeline Concepts and Solutions Guide