Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide - Page 120
Defining Attribute Tags, Adding Authorization Conditions to Attribute Definitions, Value
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 120 highlights
Enter a value for this attribute in the Value field. For integer enumerated attributes, choose an appropriate value from the Value drop-down list. To calculate the value of the attribute using an expression, See "Dictionary" in this chapter. Additional attributes can be added by clicking the Add Attribute button at the bottom of the window. When all the attributes have been added, click the Save Changes button to create this user role. You must click the Save Changes button before any of the changes you have made will take effect in the user role. A warning message will be displayed if you attempt to navigate away from the RADIUS Role Editor page while there are unsaved changes. Defining Attribute Tags Certain attributes, principally those defined in RFC 2868, have a "tag" value associated with them. The tag value is a small number (1 to 31). To define a tag value for these attributes, prefix the value with the tag number surrounded by colons (:). For example, to set the Tunnel-Private-Group-Id attribute to 1000 with a tag of 1, type :1:1000 into the Value field. Adding Authorization Conditions to Attribute Definitions You are able to attach authorization conditions to attribute definitions. The choices for an attribute condition are: Always - the attribute will always be included in the RADIUS server's response. Never - the attribute is never included in the response. This option can be used to disable an attribute without deleting it. Enter condition expression... - the attribute will be included in the response only if the expression is true. See "Example: Time of Day Conditions" and "Example: Time-Based Authorization" in this chapter. Expressions must be entered as PHP code. Use condition expressions to perform authorization decisions at the time a RADIUS access request is performed. For example, you can alter the authorization for a user role depending on the time of day. It is also possible to refuse access when a certain condition is met. Several functions are available for use in attribute conditions. See "Standard RADIUS Request Functions" in the Reference chapter for detailed documentation about these functions. 120 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide