User Guide
OmniAccess SafeGuard OS Administration Guide
247
Chapter 6: Configuring Authentication and Role Derivation
When both match conditions are satisfied, the set command assigns the user name
and role for the host.
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#description "DHCP installs white list"
(SafeGuardOS) (white-list)#operation and
(SafeGuardOS) (white-list)#match system.srcIP contained-by 192.168.0.0 / 24
(SafeGuardOS) (white-list)#match dhcp.classID equals "DLSINSTL"
(SafeGuardOS) (white-list)#set system.username "INSTALL"
(SafeGuardOS) (white-list)#set system.roleName "ONLYIT"
(SafeGuardOS) (white-list)#
The same result could be accomplished using an attribute rule that could be
referenced by multiple extended white list entries:
(SafeGuardOS) (config) #aaa attribute-rule installMachine
(SafeGuardOS) (attr-rule)#description "DHCP match conditions"
(SafeGuardOS) (attr-rule)#operation and
(SafeGuardOS) (attr-rule)#match system.srcIP contained-by 192.168.0.0 / 24
(SafeGuardOS) (attr-rule)#match dhcp.classID equals "DLSINSTL"
(SafeGuardOS) (attr-rule)#exit
(SafeGuardOS) (config) #
(SafeGuardOS) (config) #aaa extended white-list WHinstall
(SafeGuardOS) (white-list)#description "DHCP installs white list"
(SafeGuardOS) (white-list)#match attribute-rule installMachine
(SafeGuardOS) (white-list)#set system.username "INSTALL"
(SafeGuardOS) (white-list)#set system.roleName "ONLYIT"
(SafeGuardOS) (white-list)#exit
(SafeGuardOS) (config) #
Apply the White List and Assign a Precedence
The final step is to apply the white list. White lists are evaluated in precedence order from
lowest number (1) to highest number (65535). Do not assign the same precedence number
to multiple white lists.
Use the aaa extended white-list apply command in Global Configuration mode using the
following syntax:
aaa extended white-list apply list_name (precedence number)
class.attr          The name of a system or DHCP attribute. These attributes are listed in Table 18 on page 241 and Table 19 on page 243.

Syntax Description
list_name           Name of the white list that is being bound.
number              Specifies the precedence order for the white list. Valid values are 1 through 65535, with 1 being the highest precedence value.
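
The matching and precedence behavior described above, modeled in Python as an added example (not OmniAccess SafeGuard OS code and not part of the original guide). It assumes the first matching list in precedence order determines the result; the WHlab list and the precedence values 10 and 20 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class WhiteList:
    name: str
    precedence: int   # 1 is evaluated first, 65535 last
    matches: list     # (attribute, operator, value) tuples, combined with "and"
    sets: dict        # attributes assigned to the host when every match holds

def condition_holds(host, attr, op, value):
    actual = host.get(attr)
    if actual is None:            # a missing attribute can never satisfy a match
        return False
    if op == "equals":
        return actual == value
    if op == "contained-by":
        return ipaddress.ip_address(actual) in ipaddress.ip_network(value)
    raise ValueError(f"unsupported operator: {op}")

def validate(lists):
    """Reject out-of-range precedence values and duplicates across lists."""
    seen = {}
    for wl in lists:
        if not 1 <= wl.precedence <= 65535:
            raise ValueError(f"{wl.name}: precedence {wl.precedence} out of range")
        if wl.precedence in seen:
            raise ValueError(f"{wl.name} and {seen[wl.precedence]} share precedence {wl.precedence}")
        seen[wl.precedence] = wl.name

def derive(host, lists):
    """Return (list name, assigned attributes) for the first match, else None."""
    validate(lists)
    for wl in sorted(lists, key=lambda w: w.precedence):
        if all(condition_holds(host, *m) for m in wl.matches):
            return wl.name, wl.sets
    return None

# Constructed data: WHinstall mirrors the guide's example, WHlab is hypothetical.
WHINSTALL = WhiteList("WHinstall", 10,
    [("system.srcIP", "contained-by", "192.168.0.0/24"),
     ("dhcp.classID", "equals", "DLSINSTL")],
    {"system.username": "INSTALL", "system.roleName": "ONLYIT"})
WHLAB = WhiteList("WHlab", 20,
    [("system.srcIP", "contained-by", "192.168.0.0/16")],
    {"system.username": "LAB", "system.roleName": "LABROLE"})
```

Under the first-match assumption, a host in 192.168.0.0/24 that does not present the DLSINSTL class ID falls through to the broader WHlab entry, which is why the precedence order of overlapping lists deserves review.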