Specifications
RADIUS Authentication
BlueSecure™ Controller Setup and Administration Guide 6-5
See “RADIUS Accounting” on page 7-1 to configure a new RADIUS accounting server for 
selection in the drop-down list.
Alternatively, you can select the Create… option to open a window that enables you to 
configure a new RADIUS accounting server. After you save the server information, you 
are returned to the New RADIUS server page where you can select the RADIUS 
accounting server from the drop-down list.
Mapping RADIUS attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate RADIUS attribute in the Attribute field.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends 
with, contains, or [is a role]) from the Logic drop-down list.
c) Enter the appropriate value to check against the specified attribute in the Value 
field.
d) Select the role to assign to the user if the rule evaluates as true and the user is 
authenticated from the Role drop-down list.
See “Defining User Roles to Enforce Network Usage Policies” on page 8-2 to 
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New… option to open a window that 
enables you to define a new role. After you save the role information, you are 
returned to the New RADIUS server page where you can select the role from the 
drop-down list.
2. Optional. Use the commands included in the Row Management drop-down list to 
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc. 
Remember, the BSC evaluates rules in the order in which they are listed here on the 
New RADIUS server page.
3. Select the default user role from the Default role drop-down list. The selected default 
role is the role the BSC assigns the user if none of the rules is true.
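The rule ordering in steps 1 to 3, modelled as an added example (not BlueSecure code): the first rule that is true decides the role, and the default role applies when none is. The attribute values, role names and helper functions are constructed for illustration; the [is a role] operator is left out because this page does not describe its semantics, and treating a rule on an absent attribute as false is an assumption.

```python
# Added illustration of ordered, first-match role mapping (not vendor code).
# Attribute values, role names and function names are constructed samples.
OPERATORS = {
    "equal to": lambda actual, value: actual == value,
    "not equal to": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "ends with": lambda actual, value: actual.endswith(value),
    "contains": lambda actual, value: value in actual,
}

def matches(rule, attributes):
    """True if the rule's attribute is present and the comparison holds."""
    attribute, logic, value, _role = rule
    actual = attributes.get(attribute)
    # Assumption: a rule on an attribute the server did not return is false.
    return actual is not None and OPERATORS[logic](actual, value)

def assign_role(rules, attributes, default_role):
    """Evaluate rules top to bottom; the first true rule decides the role."""
    for rule in rules:
        if matches(rule, attributes):
            return rule[3]
    return default_role

def shadowed_rules(rules, sample_users):
    """Indexes of rules that match a sample user but never decide a role."""
    hit, winners = set(), set()
    for attributes in sample_users:
        matched = [i for i, rule in enumerate(rules) if matches(rule, attributes)]
        hit.update(matched)
        if matched:
            winners.add(matched[0])
    return sorted(hit - winners)

# Constructed rule sets: (Attribute, Logic, Value, Role)
RULES_AS_ENTERED = [
    ("Class", "contains", "admin", "NetAdmin"),           # broad rule listed first
    ("Class", "equal to", "helpdesk-admin", "Helpdesk"),  # never reached
    ("Class", "starts with", "guest", "Guest"),
]
RULES_REORDERED = [RULES_AS_ENTERED[1], RULES_AS_ENTERED[0], RULES_AS_ENTERED[2]]
SAMPLE_USERS = [{"Class": "helpdesk-admin"}, {"Class": "net-admin"},
                {"Class": "guest-wifi"}, {"Class": "contractor"}]

if __name__ == "__main__":
    for name, rules in (("as entered", RULES_AS_ENTERED), ("reordered", RULES_REORDERED)):
        roles = [assign_role(rules, u, "Unregistered") for u in SAMPLE_USERS]
        print(name, roles, "shadowed:", shadowed_rules(rules, SAMPLE_USERS))
```

With the broad contains rule listed first, the constructed helpdesk-admin user is assigned NetAdmin; moving the exact-match rule above it corrects the assignment and empties the shadowed-rule list.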
Access Control Lists
Optional. Return the MAC and IP addresses stored on the RADIUS server’s access control 
lists for the user authenticated into this role.
To return a list of MAC addresses allowed for this user, enter the appropriate RADIUS 
server attribute in the MAC ACL Attribute field (case-sensitive). To allow this user to be 
authenticated from any MAC address, in the access control list on the RADIUS server, 
enter the string “exception” instead of a MAC address for this user. Use commas as 
delimiters when entering multiple attributes. The format of the MAC address is 
00:00:00:...
To return a list of IP addresses allowed for this user, enter the appropriate RADIUS server 
attribute in the IP ACL Attribute field. To allow this user to be authenticated from any IP 
address, in the access control list on the RADIUS server, enter the string “exception” 
instead of an IP address for this user.
Post Login
Optional. Enter a Redirect URL Attribute to specify a URL to which the user should be 
redirected.
Note that there are two other places in the UI in which redirection can be specified. The 
user is redirected to one of the following URLs (if specified) in the order of precedence 
listed:
1. The Redirect URL Attribute field on either the RADIUS page or the LDAP page 
accessed on the User Authentication tab. (See “RADIUS Authentication” on page 6-2 
and “LDAP/Active Directory Authentication” on page 6-6.)
2. The URL Redirect field on the Edit Role page (“Defining a Role” on page 8-4).










