How to customizing the RADIUS Attributes in 8.x

MVP Expert
MVP Expert
Requirement:

Starting from ArubaOS 8.1.0.0, the users can now configure RADIUS modifier profile to customize the attributes that are included, excluded and modified in the RADIUS request before it is sent to the authentication server.



Solution:

The RADIUS modifier profile can be configured and applied to either Access- Request or Accounting-Request or both on a RADIUS authentication or accounting server. This profile can contain up to 64 RADIUS attributes with static values that are used either to add or update in the request and another 64 RADIUS attributes to be excluded from the Requests.

Two new parameters have been added in the RADIUS modifier profile :

  • auth-modifier: When assigned, it references to a RADIUS modifier profile which is applied to all Access-Requests sending to this RADIUS authentication server.
  • acct-modifier: When assigned, it references to a RADIUS modifier profile which is applied to all Accounting-Requests sending to this RADIUS accounting server.

 



Configuration:

To create a RADIUS modifier profile to customize the attributes that are included, excluded and modified in the RADIUS request before it is sent to the authentication or accounting server: 

In the WebUI
1. On a Mobility Master node hierarchy, navigate to Configuration > System > Profiles.
2. Click Wireless LAN.
3. Click Radius Modifier.
4. Under the Radius Modifier Profile:New Profile, Click + to add a RADIUS modifier profile.
5. Enter the Profile name.
6. In +Attr field, click + and enter the name and strvalue for the attribute you want to include and click OK.
      The name field should be available in the list of attributes when we execute the command, show aaa radius-attribute command.
7. In the -Attr field, click + and enter the name of the attribute you want to exclude and click OK.
8. Click Save as and enter the name of the Radius Modifier Profile.
9. Click Submit.
10.Click Pending Changes.
11.In the Pending Changes window, select the check box and click Deploy changes.

In the CLI
(host) [md] (config) #aaa authentication-server radius radius1
(host) [md] (RADIUS Server "radius1) #
acct-modifier
acctport

auth-modifier
authport
……
(host) [md] (config) #aaa radius modifier <profile_name>
clone
exclude
include
no
(host) [md] #show aaa radius modifier <profile_name>



Verification

Use the show aaa radius modifier command to display a list of RADIUS modifier profiles . To create a RADIUS modifier profile with customized attributes, use the aaa radius-attributes command.

Example
Example for Included attribute
(host) [md](config) #aaa radius-attributes add BW-Area-Code 18 integer vendor Boingo 22472
(host) [md](Radius Modifier Profile "radmodifier1") # include BW-Area-Code static "212"
(host) [md](Radius Modifier Profile "radmodifier1") # no include BW-Area-Code


Example for excluded attribute
(host) [md](config) #aaa radius-attributes add BW-Area-Code 18 integer vendor Boingo 22472
(host) [md](Radius Modifier Profile "radmodifier1") # exclude BW-Area-Code
(host) [md](Radius Modifier Profile "radmodifier1") # no exclude BW-Area-Code

Example for modified attribute
Default attributes to carry to radius server can be modified with include option.
(host) [md](Radius Modifier Profile "radmodifier1") # include "Aruba-location-id" static "Shim-office"

Version history
Revision #:
1 of 1
Last update:
‎03-24-2019 03:22 PM
Updated by:
 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: