Specifications

OmniAccess Reference: AOS-W System Reference
410 Part 031652-00 May 2005
Configuring Role Derivation
The simplest option for role derivation is to configure a default role for the
captive portal user. This role will be assigned to the user after successful
authentication. This should be used when there is only one role to be
configured and can be done as follows:
1. Create the captive portal role:

       (config) # aaa captive-portal default-role employee

2. If using the Wireless LAN switch internal database, define the
   role condition:

   If using an external RADIUS server, skip this step.

   Otherwise, if the internal database is used and the role configured in the
   database is to be used as the role after authentication, the following
   server rule must be configured:

       (config) # aaa server-rule Internal
       (server-rule) # set role condition Role value-of

   This means that if the Role attribute is present, its value is used for
   the role.

3. If using an external RADIUS server, define the role conditions:

   If using the switch internal database, skip this step.

   Otherwise, if using an external RADIUS server, server rules must be
   configured to examine attributes returned by the server. Any attribute can
   be used, but one common attribute is Filter-Id. To use the attribute, the
   server must first be configured to return this attribute with the right
   role.

   The following commands can be used to allow the Wireless LAN switch to
   derive the role from a valid server attribute:

       (config) # aaa server-rule IAS
       (server-rule) # set role condition Filter-Id value-of

   This means that if the Role attribute is present, its value is used for
   the role.

   There are various other operators in addition to value-of, such as
   contains, equals and not-equals, which can be used in the commands above.

If no role value is found, the default role for the captive portal will remain guest.
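The derivation logic described above can be checked offline before a rule set is deployed. The following is an added example, not AOS-W code or part of the original manual: it models the value-of, contains, equals and not-equals operators and lists which logins would fall back to the default role. First-match rule order, exact (case-sensitive) string comparison, the fallback for an undefined role name, and every role, user and attribute value shown are assumptions of this model.

```python
# Added illustration: simplified model of server-rule role derivation.
# Not AOS-W code; rule order, exact matching and the undefined-role
# fallback are assumptions of this model.
DEFINED_ROLES = {"guest", "employee", "contractor"}   # constructed role names
DEFAULT_ROLE = "guest"

# (attribute, operator, operand, role to set); value-of uses the attribute value.
RULES = [
    ("Filter-Id", "value-of", None, None),
    ("Class", "contains", "staff", "employee"),
]

def derive_role(attrs, rules=RULES, default=DEFAULT_ROLE, defined=DEFINED_ROLES):
    """Return (role, fallback_reason); the reason is None when a rule set the role."""
    for attr, op, operand, role in rules:
        if attr not in attrs:
            continue                      # a missing attribute cannot match
        value = attrs[attr]
        if op == "value-of":
            candidate = value
        elif op == "equals" and value == operand:
            candidate = role
        elif op == "not-equals" and value != operand:
            candidate = role
        elif op == "contains" and operand in value:
            candidate = role
        else:
            continue
        if candidate in defined:
            return candidate, None
        return default, f"undefined role {candidate!r} from {attr}"
    return default, "no rule matched"

def audit(replies):
    """List (user, reason) for every reply that ended on the default role."""
    findings = []
    for user, attrs in replies.items():
        _, reason = derive_role(attrs)
        if reason:
            findings.append((user, reason))
    return findings

# Constructed sample replies: user -> attributes returned by the server.
SAMPLE = {
    "alice": {"Filter-Id": "employee"},
    "bob": {"Filter-Id": "Employee"},     # case differs from the role name
    "carol": {},                          # server returned no role attribute
    "dave": {"Class": "ou=staff"},
}

if __name__ == "__main__":
    for user, reason in audit(SAMPLE):
        print(f"{user}: default role applied ({reason})")
```

Because every fallback lands on the captive portal default role, the audit output shows which accounts depend on that default being a low-privilege role.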