Attribute Value Expressions; Example: Using Request Attributes In A Value Expression; Example: Location-Specific Vlan Assignment - Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual

4. Select Enter condition expression... from the Condition drop-down list and enter the following code
in the Expression text field:
return GetUserTraffic(86400) > 10485760 && AccessReject();
5. Click the
6. Click the
The GetUserTraffic() function (
user's sessions in the past 24 hours (86,400 seconds). If this is greater than 10 MB (10,485,760 bytes), the
AccessReject() function causes the user's access request to be rejected. Otherwise, the entire expression
will evaluate to false, and the user will be authorized. Note that the attribute will not be included in the
response, as the condition expression was evaluated to false.

Attribute Value Expressions

A PHP expression can also be used to calculate the value that the RADIUS server should return for a
particular attribute.
To use this feature, use one of these two possible syntaxes when entering the value for an attribute:
<?= expression – The PHP expression is evaluated and used as the value for the attribute.

<?php statement ; – The PHP statement is evaluated. To include a value for the attribute, the statement

must be a return statement; that is, return expression;
A syntax error in the expression or statement will cause all RADIUS authorization requests to fail with an Access-
Reject. To use the RADIUS Debugger feature, See
problems with your code in value expressions.
Several predefined functions and variables are available for use in value expressions. See
Expression Technical Reference"

Example: Using Request Attributes in a Value Expression

In this example, the Reply-Message attribute will be modified to greet the user with their username.
1. Create a new role named Sample role.
2. Click the
3. Select the Reply-Message attribute from the drop-down list and enter the following value:
<?= " Hello , " . GetAttr("user-name")
4. Select Always from the Condition drop-down list and click the
5. Click the
Explanation: See
RADIUS server with the Access-Request. Here, the User-Name attribute is retrieved. PHP's string
concatenation operator ( . ) is used to build a greeting message, which will be used as the value of the
attribute returned to the NAS in the Access-Accept packet.
Identical behavior could also be achieved using the following code in the attribute's value:
<?php return "Hello, " . GetAttr("user-name");

Example: Location-Specific VLAN Assignment

In this example, the value of a vendor-specific VLAN attribute will be modified based on the NAS to which
visitors are connecting.
54 | RADIUS Services
Add Attribute button.
Save Changes button to apply the new settings to the role.
"GetUserTraffic()"
in the Reference chapter for details.
Add Attribute tab.
Save Changes button to apply the new settings to the role.
"GetAttr()" . This function returns the value of an attribute that was supplied to the
in the Reference chapter) returns the total traffic for the
"Debug RADIUS Server"
Add Attribute button.
in this chapter to diagnose any
"View Display
Amigopod 3.7 | Deployment Guide