Command of the Day

Reply
Aruba Employee

COTD: configure aaa radius-attribute

"conf t aaa radius-attributes add ..."
Last week we used the "show aaa radius-attributes" to list the named attributes the switch knows about and of course the attributes you can use to derive vlans and roles.
This week, we go one step further and actually define a new RADIUS dictionary attribute for the switch to use:
Step 1:
Name your attribute, like "Filter-ID", but not exactly like "Filter-ID" because that name's already taken. Say "my-att":
(Greig) (config) #aaa radius-attributes add my-att ?
INT Attribute ID
Step 2:
Give the attribute a RADIUS attribute number. This is the number that will be present in the RADIUS response.
(Greig) (config) #aaa radius-attributes add my-att 8192 ?
date Attribute type is Date
integer Attribute type is Integer
ipaddr Attribute type is IP address
string Attribute type is String
Step 3:
Define what type of data this attribute is.
(Greig) (config) #aaa radius-attributes add my-att 8192 ipaddr ?
vendor A Vendor Specific Attribute
Step 4 (optional):
Specify if it is a Vendor Specific Attribute (VSA).
(Greig) (config) #aaa radius-attributes add my-att 8192 ipaddr vendor ?
STRING Vendor Name
Step 5 (if proceeding through step 4):
Name the vendor
(Greig) (config) #aaa radius-attributes add my-att 8192 ipaddr vendor Me ?
INTEGER Vendor Id
Step 6 (if proceeding through step 4):
Give the Vendor's RADIUS ID:
(Greig) (config) #aaa radius-attributes add my-att 8192 ipaddr vendor Me 8192 ?
And then you're finished.
(Greig) (config) #show aaa radius-attributes | include 8192
my-att 8192 IP Addr Me 8192
(Greig) (config) #
If you now configure your RADIUS server with the same attribute information you can pass specialised information between the RADIUS server and the controller. Note that normally, it's the RADIUS server that bends to how the RADIUS client wants it to behave. With Aruba, we have the flexibility to bend to how a RADIUS server would like to return information.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: