IP based static host list usage



How can an IP address based SHL be used in a role mapping profile?


We want to assign a role based on the client IP address of a VPN client where the Radius:IETF:Tunnel-Client-Endpoint attribute matches an entry in the (IP based) SHL.


This seems to work when using


as it allows matching on a SHL (belongs_to_group).


But we don't get that attribute from the VPN gateway.

We only get Radius:IETF:Tunnel-Client-Endpoint


Essentially, VPN clients behind specified NAT IPs that connect to VPN gateways should get a dedicated role assigned.

Based on that role, enforcement should send an attribute to the VPN gateway to treat those clients specially.


Is there a way to make Radius:IETF:Tunnel-Client-Endpoint also match on entries in a SHL?









