Alcatel-Lucent omniaccess User Manual
Configuring AAA Servers
Chapter 9
The server rules are applied on a first-match basis. The first rule that is
applicable for the server and the attribute returned is applied to the user,
and it is the only rule applied from the server rules.
These rules are also applied uniformly across all the authentication types
that use the server as the primary authentication server.
Example
Based on the filter-ID returned, users will be classified as admin, employee
and guest.
If none of the rules match, the role is set to the default role of the
authentication type.
Condition
The condition specifies the match method used to match the string in Value
against the attribute value returned by the AAA server.
• Contains – the rule is applied if and only if the attribute value
  contains the string in parameter Value.
• Starts-with – the rule is applied if and only if the attribute value
  returned starts with the string in parameter Value.
• Ends-with – the rule is applied if and only if the attribute value
  returned ends with the string in parameter Value.
• Equals – the rule is applied if and only if the attribute value
  returned equals the string in parameter Value.
• Not-equals – the rule is applied if and only if the attribute value
  returned is not equal to the string in parameter Value.
• Value-of – this is a special condition. The role or VLAN is set to the
  value of the attribute returned. For this to be successful, the role and
  the VLAN ID returned as the value of the attribute selected must already
  be configured on the switch when the rule gets applied.

Value
This specifies the value that the attribute must match, along with the
condition, for the rule to be applied.

Role / VLAN
The role or the VLAN applied to the user when the rule is matched.
Parameter    Value    Role
MS-Filter    EMP      employee
MS-Filter    ADMIN    Admin
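
An added illustration, not taken from the manual or from the switch software: a small Python model of the first-match evaluation and the conditions described above, run against the MS-Filter rows of the example table. The condition chosen for each rule, the guest default role, the TEMP-ADMIN and CONTRACTOR sample values, and the fallback to the default role when a Value-of role is not configured are assumptions.

```python
# Added example: a model of first-match server rule evaluation.
# Not the switch's implementation; rule tuples and sample values are constructed.
CONDITIONS = {
    "contains":    lambda attr, value: value in attr,
    "starts-with": lambda attr, value: attr.startswith(value),
    "ends-with":   lambda attr, value: attr.endswith(value),
    "equals":      lambda attr, value: attr == value,
    "not-equals":  lambda attr, value: attr != value,
}

def derive_role(rules, returned, configured_roles, default_role):
    """rules: ordered (attribute, condition, value, role) tuples.
    returned: attribute name -> value sent back by the AAA server."""
    for attribute, condition, value, role in rules:
        if attribute not in returned:
            continue  # rule does not apply: attribute was not returned
        attr_value = returned[attribute]
        if condition == "value-of":
            # The attribute value itself names the role, which must already
            # be configured. Assumption: otherwise the default role is used.
            return attr_value if attr_value in configured_roles else default_role
        if CONDITIONS[condition](attr_value, value):
            return role  # first match wins; later rules are not evaluated
    return default_role  # no rule matched

CONFIGURED = {"employee", "Admin", "guest"}  # "guest" default is an assumption
# Rows from the example table, once with Equals and once with Contains.
EQUALS_RULES = [("MS-Filter", "equals", "EMP", "employee"),
                ("MS-Filter", "equals", "ADMIN", "Admin")]
CONTAINS_RULES = [("MS-Filter", "contains", "EMP", "employee"),
                  ("MS-Filter", "contains", "ADMIN", "Admin")]

def classify_samples():
    """Return {value: (role under Equals rules, role under Contains rules)}."""
    out = {}
    for value in ("EMP", "ADMIN", "TEMP-ADMIN", "CONTRACTOR"):  # constructed
        returned = {"MS-Filter": value}
        out[value] = (derive_role(EQUALS_RULES, returned, CONFIGURED, "guest"),
                      derive_role(CONTAINS_RULES, returned, CONFIGURED, "guest"))
    return out

if __name__ == "__main__":
    for value, roles in classify_samples().items():
        print(value, roles)
```

With Contains, the constructed value TEMP-ADMIN is classified as employee because the EMP rule is listed first and matches as a substring; with Equals the same value falls through to the default role.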