Enabling RADIUS Attributes

This describes how to configure RADIUS attributes and add them to a client.

1. Create the Attribute Set

Go to the 'RADIUS Attributes' page and click the 'Add Attributes' button. Name your Attribute Set to create it.

2. Manage Classes

Click the 'Manage classes' button (3 horizontal bars) in the 'Action' section. This will allow you to add/remove classes for your RADIUS Attributes. As of now we support 3 classes:

1. Constants are returned with any successful login, regardless of user.
2. Groups/conditional classes are evaluated in order. The first group listed that the authenticated user is a member of determines the value returned. If the user is not a member of any of the groups listed, the default value is returned.
3. MAC Address classes are evaluated by the longest matching prefix first. The longest MAC entry matching prefix determines the value returned. If the MAC address does not match any MAC entries listed, the default value is returned. If the MAC address does not match any MAC entries at all, the request is rejected.

3. Configure Rulesets

Click the 'Edit Ruleset' button in the 'Manage Classes' modal. Select an attribute in the dropdown and click 'Add Rule' to enter the value to be returned for that Radius Attribute. If you are working with a class that is not 'Constant', you will be provided a default case if it does not already exist, which will delineate a value to be returned if an instance of a class is used that does not have a particular rule value defined for it.

You can use the up and down arrows to reorder your rules as you please and the 'Delete' buttons to delete rules or an entire RADIUS Attribute and all of the rules within it. Note that in order to delete an Attribute Set, it must not be associated with any RADIUS Clients.

4. Assign the attributes to a client

Go to the 'RADIUS Clients' page. In the 'RADIUS Attributes' column, select an Attribute Set. Whenever a request is sent to that client, successful logins will return attributes according to the Attribute Set's specifications.

5. Test it out

You can test out what attributes will be returned by using the "Test Attributes" feature which is represented by a vial button next to each attribute on the RADIUS Attributes page. Enter a user or a MAC address to see what values will be returned.