Dell 6.2 Server User Manual


 
628 | Management Access Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Configuring RADIUS Server Authentication with VSA
In this scenario, an external RADIUS server authenticates management users and returns to the controller the Dell
vendor-specific attribute (VSA) called Dell-Admin-Role that contains the name of the management role for the user.
The authenticated user is placed into the management role specified by the VSA.
The controller configuration is identical to that described in "Configuring RADIUS Server Username and Password
Authentication" on page 627. The only difference is the configuration of the VSA on the RADIUS server. Ensure
that the value of the VSA returned by the RADIUS server is one of the predefined management roles. Otherwise, the
user will have no access to the controller.
Configuring RADIUS Server Authentication with Server Derivation Rule
NOTE: Dell controllers do not make use of any returned attributes from a TACACS+ server.
A RADIUS server can return to the controller a standard RADIUS attribute that contains one of the following
values:
• The name of the management role for the user
• A value from which a management role can be derived
For either situation, configure a server-derivation rule for the server group.
In the following example, the RADIUS server returns the attribute Class to the controller. The value of the attribute
can be either “root” or “network-operations” depending upon the user; the returned value is the role granted to the
user.
NOTE: Ensure that the value of the attribute returned by the RADIUS server is one of the predefined management roles. Otherwise,
the management user will not be granted access to the controller.
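The following is an added example, not part of the Dell guide: a pre-deployment check that models the value-of rule on Class and lists which RADIUS users would be denied management access because their returned value is not a predefined role. The FreeRADIUS-style users file, the user names, and the function names are assumptions; the role set contains only the two roles named on this page, and exact string matching is assumed. Passing attribute="Dell-Admin-Role" runs the same check for the VSA scenario above.

```python
import re

# Roles named on this page; replace with your controller's full list of
# predefined management roles.
PREDEFINED_ROLES = {"root", "network-operations"}

# Constructed sample in FreeRADIUS "users" file style (assumed format).
SAMPLE_USERS = """\
alice  Cleartext-Password := "example-only"
       Class = "root"

bob    Cleartext-Password := "example-only"
       Class = "network-operations",
       Session-Timeout = 3600

carol  Cleartext-Password := "example-only"
       Class = "netops"

dave   Cleartext-Password := "example-only"
       Session-Timeout = 3600
"""

def parse_replies(text):
    """Return {user: {reply_attribute: value}} from users-file style text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # unindented line starts a user entry
            current = line.split()[0]
            users[current] = {}
        elif current is not None:        # indented lines are reply items
            m = re.match(r'\s*([\w-]+)\s*:?=\s*"?([^",]*)"?,?\s*$', line)
            if m:
                users[current][m.group(1)] = m.group(2).strip()
    return users

def derive_role(reply, attribute="Class"):
    """Model of 'value-of': the attribute value itself is the role name."""
    value = reply.get(attribute)
    return value if value in PREDEFINED_ROLES else None  # None = no access

def audit(text, attribute="Class"):
    """Return {user: derived role, or None if the user would be denied}."""
    return {u: derive_role(r, attribute) for u, r in parse_replies(text).items()}

if __name__ == "__main__":
    for user, role in audit(SAMPLE_USERS).items():
        print(f"{user:6} -> {role or 'NO ACCESS (value is not a predefined role)'}")
```

In the constructed sample, carol returns an unknown role name and dave returns no Class attribute at all; both are reported as having no access.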
In the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select RADIUS Server to display the Radius Server List.
a. To configure a RADIUS server, enter the name for the server (for example, rad1) and click Add.
b. Select the name to configure server parameters, such as IP address. Select the Mode checkbox to activate the
server.
c. Click Apply.
3. Select Server Group to display the Server Group list.
a. Enter the name of the new server group (for example, corp_rad) and click Add.
b. Select the name to configure the server group.
c. Under Servers, click New to add a server to the group.
d. Select a server from the drop-down menu and click Add Server.
e. Under Server Rules, click New to add a server rule.
f. For Condition, select Class from the scrolling list. Select value-of from the drop-down menu. Select Set Role
from the drop-down menu.
g. Click Add.
h. Click Apply.
4. Navigate to the Configuration > Management > Administration page.