User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
This step allows you to define a string that describes the entry. Specify the
description in double quotation marks. In Attribute Rule submode, enter the
description statement with the following syntax:
description string
The following example creates a description statement for the customer briefing
center attribute rule set:
(SafeGuardOS) (config) #aaa attribute-rule briefingctr
(SafeGuardOS) (attr-rule) #description "Customer Briefing Center rules"
(SafeGuardOS) (attr-rule) #
To delete a description statement, use the no version of the command.
3 (Optional) Specify logical operators.
Attribute rule sets support the boolean AND and OR logical operators when
performing the attribute match. When the AND operator is specified, all match
statements within an attribute rule set must evaluate to true for the attribute rule
set to be true. When the OR operator is specified, the attribute rule set is true if
any of the match statements are true. The expression is short-circuit evaluated for
increased system performance. Use the following syntax for the operation
statement in Attribute Rule submode:
operator [AND | OR]
The following example explicitly sets the criteria for a customer briefing center.
The match statement requirements are described in the next step.
(SafeGuardOS) (config) #aaa attribute-rule briefingctr
(SafeGuardOS) (attr-rule) #description "Customer Briefing Center rules"
(SafeGuardOS) (attr-rule) #operation and
(SafeGuardOS) (attr-rule) #match system.srcIP contained-by 172.58.0.0/24
(SafeGuardOS) (attr-rule) #match system.timeOfDay contained-by 8:00 / 17:00
(SafeGuardOS) (attr-rule) #exit
(SafeGuardOS) (config) #
Syntax    Description
string    The description of the attribute rule being created. Enter the
          string in double quotation marks.

Syntax    Description
AND       Specifies that all of the conditions in the following match
          statements must be true for the attribute rule to be true.
OR        (Default) Specifies that only one of the match statements must be
          true for the attribute rule to be true.
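The AND/OR behaviour described in this step, modelled as an added Python example (not code from this guide or from SafeGuard OS). The function names, the session dictionary and the sample sessions are constructed for illustration; the match values are those of the briefingctr example. It shows why the example sets the operator explicitly: under the default OR, a session that satisfies only one of the two conditions still matches the rule set.

```python
# Added illustration: a simplified model of attribute rule set evaluation.
# Not SafeGuard OS code; all function names here are hypothetical.
import ipaddress
from datetime import time

def src_ip_in(cidr):
    """Model of: match system.srcIP contained-by <cidr>"""
    net = ipaddress.ip_network(cidr)
    return lambda s: ipaddress.ip_address(s["system.srcIP"]) in net

def time_of_day_in(start, end):
    """Model of: match system.timeOfDay contained-by <start> / <end>"""
    return lambda s: start <= s["system.timeOfDay"] <= end

def evaluate(matches, session, operator="OR"):
    """Return (result, match statements evaluated). OR is the default."""
    op = operator.upper()
    if op not in ("AND", "OR"):
        raise ValueError("operator must be AND or OR")
    evaluated = 0
    for match in matches:
        evaluated += 1
        hit = match(session)
        if op == "AND" and not hit:
            return False, evaluated   # short circuit: one false decides AND
        if op == "OR" and hit:
            return True, evaluated    # short circuit: one true decides OR
    return op == "AND", evaluated     # every AND match held / no OR match held

# Match statements of the briefingctr example above.
BRIEFING_CTR = [src_ip_in("172.58.0.0/24"), time_of_day_in(time(8, 0), time(17, 0))]

# Constructed sample sessions.
SESSIONS = {
    "in subnet, in hours":     {"system.srcIP": "172.58.0.25", "system.timeOfDay": time(10, 30)},
    "off subnet, in hours":    {"system.srcIP": "10.9.9.9", "system.timeOfDay": time(10, 30)},
    "in subnet, after hours":  {"system.srcIP": "172.58.0.25", "system.timeOfDay": time(22, 15)},
    "off subnet, after hours": {"system.srcIP": "10.9.9.9", "system.timeOfDay": time(22, 15)},
}

def compare():
    """Map each session label to its (AND result, OR result)."""
    return {label: (evaluate(BRIEFING_CTR, s, "AND")[0], evaluate(BRIEFING_CTR, s)[0])
            for label, s in SESSIONS.items()}

if __name__ == "__main__":
    for label, (and_res, or_res) in compare().items():
        print(f"{label:24} AND={and_res!s:5} OR={or_res}")
```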










