Cisco Cisco Clean Access 3.5
6-21
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6 User Management: Auth Servers
Map Users to Roles Using Attributes or VLAN IDs
Note
For the Cisco VPN Server type, VLAN IDs may not be available for mapping if there are
multiple hops between the CAS and the VPN concentrator.
multiple hops between the CAS and the VPN concentrator.
8.
Add Condition (Save Condition)— Make sure to configure the condition, then click Add
Condition to add the condition to the rule expression (otherwise your configuration is not saved).
Condition to add the condition to the rule expression (otherwise your configuration is not saved).
Add Mapping Rule to Role (B)
9.
Role Name — After you have added at least one condition, choose the user role to which you will
apply the mapping from the dropdown menu.
apply the mapping from the dropdown menu.
10.
Priority—Select a priority from the dropdown to determine the order in which mapping rules are
tested. The first rule that evaluates to true is used to assign the user a role.
tested. The first rule that evaluates to true is used to assign the user a role.
11.
Rule Expression— To aid in configuring conditional statements for the mapping rule, this field
displays the contents of the last Condition to be added. After adding the condition(s), you must click
Add Mapping Rule to save all the conditions to the rule.
displays the contents of the last Condition to be added. After adding the condition(s), you must click
Add Mapping Rule to save all the conditions to the rule.
12.
Description— An optional description of the mapping rule.
13.
Add Mapping (Save Mapping) — Click this button when done adding conditions to create the
mapping rule for the role. You have to Add or Save the mapping for a specified role, or your
configuration and your conditions will not be saved.
mapping rule for the role. You have to Add or Save the mapping for a specified role, or your
configuration and your conditions will not be saved.
Figure 6-15
Example Add LDAP Mapping Rule (Attribute)