User Guide
OmniAccess SafeGuard OS Administration Guide
246
Chapter 6: Configuring Authentication and Role Derivation
operation [AND | OR]
The AND logical operator specifies that all conditions must be said to match.
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#description “DHCP installs white list”
(SafeGuardOS) (white-list)#operation and
4 Specify the match statements.
Match statements can be included directly in the body of an extended white list, or
indirectly using an attribute rule. For more information on match statements see Specify
the match statements. on page 240.
To build on our existing example:
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#description “DHCP installs white list”
(SafeGuardOS) (white-list)#operation and
(SafeGuardOS) (white-list)#match system.srcIP contained-by 192.168.0.0 /
24
(SafeGuardOS) (white-list)#match dhcp.classID equals “DLSINSTL”
5 Set the values in the attribute map.
Values in the attribute map can be set two ways:
— They can be set the current value of an attribute in the map.
— They can be set explicitly using the command line. Use the set statement in
White-list submode using this syntax:
set system.attr [value | value-of class.attr]
Syntax Description AND Specifies that all of the conditions in the
following match statements must be true for
the attribute rule to be true.
OR (Default) Specifies that only one of the match
statements must be true for the attribute rule
to be true.
Syntax Description system.attr The name of a system attribute. Possible
values are:
■ system.roleName
■ system.forceAgeOut
■ system.userName
value The value of the attribute in the
attribute map, such as the value of
dhcp.classID.