Configuring Set-value Server-derivation Rule

The following procedure describes how to configure the set-value for a server-derivation rule

  1. In the Managed Network node hierarchy, navigate to the Configuration > Authentication > Auth Servers page.
  2. Select a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Server from the All Servers table.
    1. To add a new RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server, click + in the All Servers table and enter the name for the server (for example, rad1) and click Submit.
    2. Select the name to configure server parameters, such as IP address. The Mode check box is enabled by default to activate the server.
    3. Click Submit.
    4. Click Pending Changes.
    5. In the Pending Changes window, select the check box and click Deploy changes.
  3. Select a server group from the Server groups table to display the Server Group list.
    1. To add a new server group, click + and enter the name of the new server group (for example, corp_rad) and click Submit.
    2. Select the name to configure the server group.
    3. Under Servers, click New to add a server to the group.
    4. Select a server from Add existing server and click Submit.
    5. Under Server Rules, click + to add a server rule.
    6. For Condition, select an attribute from the Attribute scrolling list. Select equals from the Operation drop-down list. Enter it. Select Set Role from the Action drop-down list. For Role, select root from the drop-down list.
    7. Click Submit.
    8. Click Pending Changes.
    9. In the Pending Changes window, select the check box and click Deploy changes.
  4. Navigate to the Configuration > System > Admin tab.
    1. Expand the Admin Authentication options accordion, select a management role (for example, read-only) for the Default Role.
    2. For Server Group, select the server group that you just configured.
    3. Click Submit.
    4. Click Pending Changes.
    5. In the Pending Changes window, select the check box and click Deploy changes.

In the CLI

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure the set-value.

aaa authentication-server radius rad1

  host <ipaddr>

  enable

 

aaa server-group corp_rad

  auth-server rad1

  set role condition Class equals it set-value root

 

aaa authentication mgmt

  default-role read-only

  enable

  server-group corp_rad

For more information about configuring server-derivation rules, see Configuring Server-Derivation Rules.