User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
To create a white list, use the aaa session-tracking white-list id command in Global
Configuration mode.
aaa session-tracking white-list id int user name
    [[mac-address macaddr mac-mask macmask] |
    [ip-address ipaddr net-mask netmask]] [host hostname]
    [comment text] [role rolename] [force-timeout sec]
In the following example, user cisco_1_&2_users is added to the white list and is
authenticated with the role of engineer:
(SafeGuardOS) #configure terminal
Syntax Description

int        A unique integer for this white-list entry.
name       A string identifying the user.
macaddr    The MAC address for this user session. MAC addresses may be
           specified in any of the following formats:
             aa:bb:cc:dd:ee:ff
             aabb:ccdd:eeff
             aa-bb-cc-dd-ee-ff
             aabb.ccdd.eeff
             aabbccddeeff
macmask    Specifies the MAC mask in dotted-quad notation. To specify a
           wildcard match, use zeros in the lower portion of the mask,
           for example ff:ff:ff:00:00:00
ipaddr     IP address of the user.
netmask    Specifies the IP mask. To specify a wildcard match, use zeros
           in the lower portion of the address, for example 255.255.255.0
hostname   Hostname of the client machine.
text       Description or comment as to why this entry is being made.
           Enter comments within double quotation marks.
rolename   Role being assigned to this user. Once assigned, the user no
           longer runs role derivation; the system uses this assignment.
sec        Specifies the timeout in seconds. Valid range is 0 to 518400
           seconds. Default is 0 seconds. Specifying 0 seconds indicates
           no timeout for the session being placed on the white list.
           Note that a white-list force-timeout value will take
           precedence over a protocol-based timeout.
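
Because a white-list entry with a role skips role derivation, it is worth checking how many addresses each mac-address/mac-mask pair actually covers. The following is an added example, not part of the guide or of SafeGuard OS: it normalizes the five MAC formats listed above and flags entries whose mask contains wildcard bits. It assumes that the mask is written like a MAC address and that zero bits in the mask are wildcards; all function names and sample entries are hypothetical.

```python
import re

def parse_mac(text):
    """Return a MAC as a 48-bit int; accepts the five formats listed in the table."""
    patterns = (
        r"[0-9a-f]{2}(:[0-9a-f]{2}){5}",   # aa:bb:cc:dd:ee:ff
        r"[0-9a-f]{4}(:[0-9a-f]{4}){2}",   # aabb:ccdd:eeff
        r"[0-9a-f]{2}(-[0-9a-f]{2}){5}",   # aa-bb-cc-dd-ee-ff
        r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}",  # aabb.ccdd.eeff
        r"[0-9a-f]{12}",                   # aabbccddeeff
    )
    value = text.strip().lower()
    if not any(re.fullmatch(p, value) for p in patterns):
        raise ValueError(f"unsupported MAC format: {text!r}")
    return int(re.sub(r"[:.\-]", "", value), 16)

def entry_matches(entry_mac, entry_mask, seen_mac):
    """True if seen_mac equals entry_mac on every bit that is set in entry_mask."""
    mask = parse_mac(entry_mask)  # assumption: mask uses the same notation as a MAC
    return (parse_mac(entry_mac) & mask) == (parse_mac(seen_mac) & mask)

def wildcard_bits(entry_mask):
    """Number of zero (wildcard) bits in the mask; the entry covers 2**n addresses."""
    return 48 - bin(parse_mac(entry_mask)).count("1")

def audit(entries, max_wildcard_bits=0):
    """Return ids of entries whose mask leaves more wildcard bits than allowed."""
    return [eid for eid, _mac, mask in entries
            if wildcard_bits(mask) > max_wildcard_bits]

# Constructed sample entries (id, mac-address, mac-mask); not taken from the guide.
SAMPLE = [
    (1, "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
    (2, "0011.2200.0000", "ff:ff:ff:00:00:00"),
]

if __name__ == "__main__":
    for eid, mac, mask in SAMPLE:
        print(eid, mac, mask, "covers", 2 ** wildcard_bits(mask), "addresses")
    print("entries wider than one host:", audit(SAMPLE))
```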