cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
6089
Views
0
Helpful
2
Replies
stephane.walker
Beginner

Cisco WSA : What is RADIUS CLASS attribute ?

Hello !

I am trying to use a radius server Cisco ISE as an external authentication server for WSA. I would like to assign roles for groups of users but i don't understand the meaning of RADIUS CLASS attribute. What am I supposed to write in this field ?

Thank you,

Stéphane Walker

1 ACCEPTED SOLUTION

Accepted Solutions
Ken Stieers
VIP Advocate

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

View solution in original post

2 REPLIES 2
Ken Stieers
VIP Advocate

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

stephane.walker
Beginner

Thank you Ken for your answer.

I succeeded to assign roles for groups of users and found that RADIUS CLASS field corresponds in fact to the Class[25] radius attribute. So I set an authorization profile in my radius server with a Class[25] attribute equals to the RADIUS CLASS field in WSA and it worked very well.

Stephane

Create
Recognize Your Peers
Content for Community-Ad