cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

3541
Views
0
Helpful
2
Replies
Highlighted

Cisco WSA : What is RADIUS CLASS attribute ?

Hello !

I am trying to use a radius server Cisco ISE as an external authentication server for WSA. I would like to assign roles for groups of users but i don't understand the meaning of RADIUS CLASS attribute. What am I supposed to write in this field ?

Thank you,

Stéphane Walker

1 ACCEPTED SOLUTION

Accepted Solutions
Collaborator

The CLASS attribute is

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

2 REPLIES 2
Collaborator

The CLASS attribute is

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

Thank you Ken for your answer

Thank you Ken for your answer.

I succeeded to assign roles for groups of users and found that RADIUS CLASS field corresponds in fact to the Class[25] radius attribute. So I set an authorization profile in my radius server with a Class[25] attribute equals to the RADIUS CLASS field in WSA and it worked very well.

Stephane