Configuring Set-value Server-derivation Rule

ArubaOS 8.6.0.0Help Center

You are here: Home > Management Access > Radius Server Authentication > Configuring Set-value Server-derivation Rule

Configuring Set-value Server-derivation Rule

The following procedure describes how to configure the set-value for a server-derivation rule

1.In theManaged Networknode hierarchy, navigate to theConfiguration > Authentication > Auth Serverspage.

2.Select aRADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.Server from theAll Serverstable.

a.To add a newRADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.server, click+in theAll Serverstable and enter the name for the server (for example, rad1) and clickSubmit.

b.Select the name to configure server parameters, such as IP address. TheModecheck box is enabled by default to activate the server.

c.ClickSubmit.

d.ClickPending Changes.

e.In thePending Changeswindow, select the check box and clickDeploy changes.

3.Select a server group from theServer groupstable to display the Server Group list.

a.To add a new server group, click+and enter the name of the new server group (for example, corp_rad) and clickSubmit.

b.Select the name to configure the server group.

c.Under Servers, clickNewto add a server to the group.

d.Select a server fromAdd existing serverand clickSubmit.

e.Under Server Rules, click+to add a server rule.

f.For Condition, select an attribute from theAttributescrolling list. Selectequalsfrom theOperationdrop-down list. Enterit. Select设置角色from theActiondrop-down list. ForRole, selectrootfrom the drop-down list.

g.ClickSubmit.

h.ClickPending Changes.

i.In thePending Changeswindow, select the check box and clickDeploy changes.

4.导航到theConfiguration > System > Admintab.

a.Expand theAdmin Authentication optionsaccordion, select a management role (for example, read-only) for theDefault Role.

b.ForServer Group, select the server group that you just configured.

c.ClickSubmit.

d.ClickPending Changes.

e.In thePending Changeswindow, select the check box and clickDeploy changes.

In the CLI

The followingCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands configure the set-value.

aaa authentication-server radius rad1

host <ipaddr>

enable

aaa server-group corp_rad

auth-server rad1

set role condition Class equals it set-value root

aaa authentication mgmt

default-role read-only

enable

server-group corp_rad

For more information about configuring server-derivation rules, seeConfiguring Server-Derivation Rules.

/*]]>*/

Send Feedback