Dell PowerConnect W Clearpass 100 Software 3.7 Deployment Guide - Page 53
Example: Time-Based Authorization, Add Attribute, Good morning, guest., Good afternoon, Save Changes
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 53 highlights
2. Click the Add Attribute tab. 3. Select the Reply-Message attribute from the drop-down list and enter the string value Good morning, guest. 4. Select Enter condition expression... from the Condition drop-down list and enter the following code in the Expression text field: return date('a') == 'am'; 5. Click the Add Attribute button. 6. Repeat the above steps, but use the string value Good afternoon, guest and the following code in the Expression text field: return date('a') == 'pm'; 7. Click the Save Changes button to apply the new settings to the role. Explanation: PHP's date() function returns the current time and date; http://www.php.net/date for full details. The 'a' argument will cause the function to return either 'am' or 'pm' depending on the server's current time of day. Finally, the result of the == equality comparison is used with the return statement to determine which attribute value is included in the response. Example: Time-Based Authorization In this example, users will be authorized to access the network only between the local time of 7:30am and 8:00pm. 1. Create a new role named Sample role. 2. Click the Add Attribute tab. 3. Select the Reply-Message attribute from the drop-down list. Any attribute can be used for this example, because the attribute will never be included in the response. 4. Select Enter condition expression... from the Condition drop-down list and enter the following code in the Expression text field: return (date("Hi") < "0730" || date("Hi") >= "2000") && AccessReject(); 5. Click the Add Attribute button. 6. Click the Save Changes button to apply the new settings to the role. Explanation: This expression is evaluated every time an Access-Request is made. date("Hi") is the RADIUS server's local time as hours and minutes with a 24-hour clock (0000, 0001, ..., 0730, 0731, ... 1959, 2000, ..., 2359). If it is before 07.30 (< "0730") or after 20.00 (>= "2000") then an Access-Reject will be generated. Otherwise, the parenthesized expression will be false, and the attribute will not be sent (nor will an access-reject be sent). Example: Accounting-Based Authorization Authorization decisions can also be made based on the accounting records available to the RADIUS server. In this example, users will be authorized only if their total traffic in the past day does not exceed 10 MB. 1. Create a new role named Sample role. 2. Click the Add Attribute tab. 3. Select the Reply-Message attribute from the drop-down list. Any attribute can be used for this example, because the attribute will never be included in the response. Amigopod 3.7 | Deployment Guide RADIUS Services | 53