HP (Hewlett-Packard) MSM7XX Switch User Manual


 
Working with public access attributes
Colubris AV-Pair attribute - Site values
The RADIUS profile for every student contains the following:
use-access-list=students
The RADIUS profile for every faculty member contains the following:
use-access-list=faculty
These definitions create three access lists: everyone, students, and faculty.
Everyone
This list applies to all users (students, teachers, guests), whether they are authenticated or
not. This is because the list is active on the service controller, which is accomplished with the
entry:
use-access-list=everyone
It enables everyone to access the public Web server.
Students
This list applies to authenticated students only. It is composed of the following entries:
access-list=students,ACCEPT,tcp,192.168.50.1,80,students_reg,500
Enables Web traffic to the registration Web server. Accounting data is recorded in the
account students_reg.
access-list=students,ACCEPT,all,192.168.40.0/24,all
Enables traffic to reach the student segment.
access-list=students,DENY,all,192.168.20.0/24,all
access-list=students,DENY,all,192.168.30.0/24,all
These two entries deny access to the faculty subnet and the NOC.
access-list=students,ACCEPT,all,all,all,student_internet_use,5000
Enables all other traffic to reach the Internet (via routers on the backbone LAN and the
router in the NOC). If this last rule did not exist, this traffic would be dropped.
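The following is an added example, not part of the HP manual or the product's code: a small Python auditor that parses the students entries above and reports what a given destination would get. It assumes entries are checked top to bottom with the first match winning (inferred from the rule order shown here), reads the fields as list name, action, protocol, address, port, account, and uses constructed probe addresses.

```python
import ipaddress

# Entries as listed above for the students list.
STUDENTS = """\
access-list=students,ACCEPT,tcp,192.168.50.1,80,students_reg,500
access-list=students,ACCEPT,all,192.168.40.0/24,all
access-list=students,DENY,all,192.168.20.0/24,all
access-list=students,DENY,all,192.168.30.0/24,all
access-list=students,ACCEPT,all,all,all,student_internet_use,5000
"""

def parse(text):
    """Turn access-list lines into (name, action, proto, network, port, account)."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("access-list="):
            continue
        f = line.split("=", 1)[1].split(",")
        name, action, proto, addr, port = f[:5]
        net = None if addr == "all" else ipaddress.ip_network(addr, strict=False)
        account = f[5] if len(f) > 5 else None  # trailing numeric field not interpreted
        rules.append((name, action, proto, net, port, account))
    return rules

def decide(rules, proto, dst, port):
    """First matching rule wins (assumption); no match means the traffic is dropped."""
    ip = ipaddress.ip_address(dst)
    for _name, action, r_proto, net, r_port, account in rules:
        if r_proto not in ("all", proto):
            continue
        if net is not None and ip not in net:
            continue
        if r_port not in ("all", str(port)):
            continue
        return action, account
    return "DROP", None

if __name__ == "__main__":
    rules = parse(STUDENTS)
    # Constructed probes: registration server, NOC, faculty, student segment, Internet.
    probes = [("tcp", "192.168.50.1", 80), ("tcp", "192.168.50.1", 22),
              ("tcp", "192.168.20.5", 22), ("tcp", "192.168.30.9", 443),
              ("udp", "192.168.40.7", 53), ("tcp", "203.0.113.10", 443)]
    for p in probes:
        print(p, "->", decide(rules, *p))
    print("without catch-all:", decide(rules[:-1], "tcp", "203.0.113.10", 443))
```

Under these assumptions the probe to 192.168.50.1 on port 22 is accepted by the final catch-all entry, so only port 80 traffic to the registration server is accounted under students_reg while other ports on that host fall through to student_internet_use.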
Faculty
This list applies to authenticated faculty members only. It is composed of the following
entries:
access-list=faculty,ACCEPT,tcp,192.168.50.1,80,faculty_reg,500
Enables Web traffic to the registration Web server. Accounting data is recorded in the
account faculty_reg.
access-list=faculty,ACCEPT,all,192.168.30.0/24,all
Enables traffic to reach the faculty segment.
access-list=faculty,DENY,all,192.168.20.0/24,all
access-list=faculty,DENY,all,192.168.40.0/24,all
These two entries deny access to the student subnet and the NOC.