User Guide
OmniAccess SafeGuard OS Administration Guide
244
Chapter 6: Configuring Authentication and Role Derivation
After specifying the match conditions, verify the attribute rule configuration using the
show aaa attribute-rules command in Privileged Exec mode. For details of this
command, see Showing Attribute Rules Information on page 249.
Create an Extended White List Entry
The extended white list allow you to specify a set of attributes for a host or a group of
hosts.
As mentioned earlier, place match statements in an attribute rule and then reference that
rule in the extended white list entry, or place them inline within the extended white list
entry, or a mixture of the two.
1 Create the extended white list by assigning a name to the entry.
The name of an extended white list is a text string to identify the entry; the name
has no bearing on the matches it performs. It must be unique within the white list.
To assign a name to an extended white list, enter White-list submode by using the
aaa extended white-list command in Global Configuration mode:
dhcp.vendorClass (60) Match rule based on value of dhcp.vendorClass. Must
be ASCII text string in order to be processed (if not, any
rule matches against them will fail). Supported
operations are:
■ contains
■ equals
■ exists
■ not
dhcp.userClass (77) Match rule based on value of dhcp.userClass. Must be
ASCII text string in order to be processed (if not, any rule
matches against them will fail). Supported operations
are:
■ contains
■ equals
■ exists
■ not
dhcp.leaseTime (51) Match rule based on the value of the lease time option.
Supported operations are:
■ equals
■ exists
■ greater than
■ less than
■ not
Table 19 DHCP Attributes for Attribute Rules (continued)