Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco WSA : What is RADIUS CLASS attribute ?

Hello !

I am trying to use a radius server Cisco ISE as an external authentication server for WSA. I would like to assign roles for groups of users but i don't understand the meaning of RADIUS CLASS attribute. What am I supposed to write in this field ?

Thank you,

Stéphane Walker

1 ACCEPTED SOLUTION

Accepted Solutions

The CLASS attribute is

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

2 REPLIES

The CLASS attribute is

The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 

Then when you config the WSA, you set them appropriately there...  

 

But you can really use any string you want to, they just need to match appropriately.

 

HTH, 

Ken

New Member

Thank you Ken for your answer

Thank you Ken for your answer.

I succeeded to assign roles for groups of users and found that RADIUS CLASS field corresponds in fact to the Class[25] radius attribute. So I set an authorization profile in my radius server with a Class[25] attribute equals to the RADIUS CLASS field in WSA and it worked very well.

Stephane

1539
Views
0
Helpful
2
Replies