Manualshelf

User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER
271272273274275276277278279280
OmniAccess SafeGuard OS Administration Guide
276
Chapter 6: Configuring Authentication and Role Derivation
The following example is representative of the command:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #interface 0/5
(SafeGuardOS) (interface 0/5) #aaa dot1x timeout reauth-period 3000
(SafeGuardOS) (interface 0/5) #
Role Derivation
As discussed in Authentication Component Process on page 203, after a user authenticates,
he or she is assigned to a user role. There are multiple methods for assigning a role to a
user. One assignment method is to explicitly configure the role using the white list.
Another method is to apply rule maps to groups of users.
Using this method, a role can be defined based on a set of rules called rule maps. A rule
map is a conditional set of statements that we process in a linear order to match the user
attributes. Each rule map contains:
A precedence value (which is the order that we apply the rule)
A series of rules
A name
A description
A value to set
A logical AND or OR operation
quiet-period
seconds
Sets the value, in seconds, of the timer used by the authenticator
state machine on this port to define periods of time in which it will
not attempt to acquire a supplicant. The quiet-period must be a
value in the range 0 - 65535. The default value is 60.
tx-period
seconds
Sets the value, in seconds, of the timer used by the authenticator
state machine on this port to determine when to send an EAPOL
EAP Request/Identity frame to the supplicant. The tx-period must be
a value in the range 1 - 65535. The default value is 30.
supp-timeout
seconds
Sets the value, in seconds, of the timer used by the authenticator
state machine on this port to timeout the supplicant. The supp-
timeout must be a value in the range 1 - 65535. The default value is
30.
server-timeout
seconds
Sets the value, in seconds, of the timer used by the authenticator
state machine on this port to timeout the authentication server. The
supp-timeout must be a value in the range 1 - 65535. The default
value is 30.