User Guide
OmniAccess SafeGuard OS Administration Guide
245
Chapter 6: Configuring Authentication and Role Derivation
aaa extended white-list entry_name
Suppose your IT department has a lab or office where they perform installations.
The devices boot with a special DCHP class ID, which is changed during the
installation. The following example creates an extended white list entry called
“WHinstall” for those device installations.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#
To remove a white-list entry, use the no version of the command after removing
the apply. For details see Removing an Extended White List Entry on page 248.
2 (Optional) Add a description of the extended white-list entry.
This step allows you to define a string that describes the entry. Specify the
description in double quotation marks. In White-list submode, use the
description statement using the following syntax:
description string
The following example creates a description statement for DHCP installations:
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#description “DHCP installs white list”
(SafeGuardOS) (white-list)#
To delete a description statement, use the no version of the command.
3 (Optional) Specify logical operators
Extended white-list entries support the boolean AND and OR logical operators
when performing the attribute match. When the AND operation is specified the
set statements are only evaluated if all the match statements are true. If the OR
operation is specified, the set statements are evaluated if any of the match
statements are true. The expression is short-circuit evaluated for increased system
performance. Use the following syntax for the operation statement in White-list
submode:
Syntax
Description
entry_name The name of the white list entry being
created.
Syntax
Description
string The description of the white list being
created. Enter the string in double
quotation marks.