Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Configuring RADIUS Return Attributes Policies (NSM Procedure)
You can configure RADIUS attributes policies on the Infranet Controller to send return list attributes to an 802.1X network access device. You can also configure other functions on a network access device's port based on the role assigned to the user who is currently using that port.
To configure RADIUS attributes policies:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the Infranet Controller device for which you want to configure RADIUS return attributes policies.
- Click the Configuration tab. In the configuration tree, select UAC > Network Access > RADIUS Attributes > RADIUS Return Attributes Policies.
- Add or modify RADIUS return attributes policies as specified in Table 23.
- Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.
Table 23: RADIUS Return Attributes Policies Configuration Details
Option | Function | Your Action |
|---|---|---|
Name | Specifies a name for the RADIUS return attribute policy. | Enter a name for the RADIUS return attribute policy. |
Description | Describes the RADIUS return attribute policy. | Enter a brief description for the RADIUS return attribute policy. |
Location Group | Specifies the location groups for the RADIUS attributes policies. | Select the location group from the Non-member list and click Add to move them to the Members list. Note: To apply the policy to all location groups, do not add any location groups and leave the default setting (all) listed in the Selected Location Groups list. |
Enable Open port | Disables assigning endpoints to a VLAN or returning any RADIUS attributes. | Select this option to disable all other RADIUS attributes options. |
Enable VLAN | Enables VLAN assignment according to RFC 3580 by returning the RADIUS tunnel attributes to the network access device. | Select this option to configure VLAN assignment. Note: Selecting this option is equivalent to manually specifying the three RFC 3580 RADIUS tunnel attributes in the Enable Return Attribute section. |
VLAN | Specifies the existing VLAN ID on the network infrastructure that you want to use for the role(s) to which this policy applies. | Specify the existing VLAN ID. |
Enable Return Attribute | Enables the return-attribute option. | Select this option to enable return attributes. |
return-attribute | Specifies the return attributes to be sent to the network access device. | Click return-attribute and add the return attribute.
|
Enable addition of Session-Timeout attribute with value equal to the Session Lifetime | Sends the Infranet Controller a session timeout value equal to the timeout value of the configured session length on all RADIUS accepts. | Clear this check box to prevent the Infranet Controller from sending a session timeout value equal to the timeout value of the configured session length on all RADIUS accepts. This allows you to set the reauthentication timer statically on the switch port, if required |
Interface | Specifies the Infranet Controller network interface for use by endpoints using RADIUS attributes policies to connect to the Infranet Controller. |
|
Applies to Roles | Specifies the roles to which the policies apply. |
|
Role Selection | Lists the members and non—members for applying the policy. | Select the role from the Non-members list and click Add to move them to the Members list. |
