cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7303
Views
0
Helpful
2
Replies

Cisco WSA : What is RADIUS CLASS attribute ?

stephane.walker
Level 1
Level 1

Hello !

I am trying to use a radius server Cisco ISE as an external authentication server for WSA. I would like to assign roles for groups of users but i don't understand the meaning of RADIUS CLASS attribute. What am I supposed to write in this field ?

Thank you,

Stéphane Walker

1 Accepted Solution

Accepted Solutions

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

View solution in original post

2 Replies 2

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

stephane.walker
Level 1
Level 1

Thank you Ken for your answer.

I succeeded to assign roles for groups of users and found that RADIUS CLASS field corresponds in fact to the Class[25] radius attribute. So I set an authorization profile in my radius server with a Class[25] attribute equals to the RADIUS CLASS field in WSA and it worked very well.

Stephane

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: