Software Update Guide for 4.1.3.93 to 4.4.0.50
8
Configuring Uplink Subnets
4. Add a set of rows to the Rights Table such that when a client is authenti-
cated, he will be matched to the appropriate Access Policy for the subnet
to which he should have access.
For example, you might have a set of Identity Profiles defined that match
the group Identity information returned with a successful RADIUS
authentication—Accounting, Engineering, and so on. You could create a
set of rows in the Rights Table that associate each Identity Profile with
the Access Policy for the subnet in which an authenticated client should
be placed:
Now, when clients connect to the system, they are placed into the appropriate
subnet based on their Identity Profile. The location through which the con-
nection is made is not relevant in this case.
If you were using Connection Profiles to filter on incoming VLAN tags under
4.1.3.93, you can still do this in 4.4.0.50. However, the Connection Profiles
would no longer need to have a 1-to-1 correspondence to a downlink port—
the Connection Profile could use the default Location Everywhere, but filter
so only traffic with the correct VLAN tag would match the Connection Profile.
To duplicate the functionality of version 4.1.3.93, you might add rows to the
Rights Table as follows:
In this case, the VLAN tag associated with the incoming traffic determines
what subnet a client is directed to, but the dependency on entering via a
specific port is removed.
Row Identity Profile Connection Profile Access Policy
2 Accounting Any Subnet A access
3 Engineering Any Subnet B access
and so on...
Row Identity Profile Connection Profile Access Policy
2 Authenticated VLAN 20 traffic Subnet A access
3 Authenticated VLAN 30 traffic Subnet B access
and so on...