Support User Manuals

Alcatel-Lucent 8950 AAA Computer Accessories User Manual

Open as PDF

of 476

............................................................................................................................................................................................................................................................

Understanding and Creating Attribute SetsUsing the 8950 AAA Policy Assistant in Server

Management Tool

9-16

365-360-001R6.0

Issue 1, December 2008

............................................................................................................................................................................................................................................................

Understanding and Creating Attribute Sets

About Attribute Set

8950 AAA uses two key actions during Access-Request processing to authorize users and

configure user sessions upon successful authentications: performing authorization checks

and session provisioning. Attributes contain the information used to support these actions.

Other RADIUS servers generally require that you set this type of information as part of

each user’s profile. With the PolicyAssistant it is possible to create an attribute set for a

policy which contains the information that the server applies to all users of the policy.

Authorization checks are logical tests of information that accompany a user’s access

request or that are known about the request (for example, the date and time a request is

received) against a set of authorization rules. The server tests the information it receives

against verification attributes, also called check-items, stored in an attribute set or possibly

a user’s profile. By including appropriate verification attributes in a policy, a variety of

rules can be enforced. For example, users might be permitted to use ISDN connections,

required to dial-in to a particular phone number, or use a specific access protocol, such as

PPP. Table 9-9 lists attributes commonly used as verification attributes.

Figure 9-9 Sample List of Verification Attributes

Attribute Name

Description of Use of this

Attribute as a Verification

Attribute Example

NAS-IP-Address Limits access to requests sent from

a NAS at this IP Address

NAS-IP-Address =

10.0.1.2

Service-Type Only allow requests of this service

type

Service-Type = Framed-

Protocol

Framed-Protocol Only allows requests that only use

the specified Framed-Protocol

Framed-Protocol = PPP

Called-Station-Id Limits access to sessions that were

made through this phone number.

Called-Station-Id =

5105551212

NAS-Port-Type Only accept this type of

connection. (i.e., ISDN or Async—

Analog).

NAS-Port-Type = Async

Expiration Rejects Access-Requests placed

after the specified date.

Expiration = “Mar 27

2005”

Activation Rejects Access-Requests placed

before the specified date.

Activation = “Dec 25

2005”

previous next