radius-user

Configures a wireless client filter based on the RADIUS user name

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

radius-user [any|contains|ends-with|exact|not-contains|starts-with]

Parameters

radius-user [any|contains|ends-with|exact|not-contains|starts-with]
radius-user Specifies a wireless client filter based on how the ‘radius-user‘ name, returned by the RADIUS server, matches the provided expression. Select one of the following options: any, contains, exact, or not-contains.
any No specific RADIUS user name associated with this user-defined role. This role can be applied to any wireless client (no strings to match). This is the default setting.
contains <WORD> The role is applied only when the ‘radius-user‘ name, returned by the RADIUS server, contains the string specified in the role.
  • <WORD> – Specify the string to match (this is case sensitive, and is compared against the ‘radius-user‘ name returned by the RADIUS server). It should contain the provided expression.
Note: You can use the realm or any sub-string of the user name.
ends-with <WORD> Enables role assignment on the basis of the wireless client‘s “department” and/or “group”
  • <WORD> – Specify the string (could be department/group code). For example: 1005000002. In this the last three digits represent the department/group code. The remaining digits represent user‘s badge number.
Note: The role is applied only when the ‘radius-user‘ name, returned by the RADIUS server, ends with the string specified here.
exact <WORD> The role is applied only when the ‘radius-user‘ name, returned by the RADIUS server, exactly matches the string specified in the role.
  • <WORD> – Specify the exact string to match (this is case sensitive, and is compared against the ‘radius-user‘ name returned by the RADIUS server). It should be an exact match.
Note: Provide the complete user name along with the realm.
not-contains <WORD> The role is applied only when the ‘radius-user‘ name, returned by the RADIUS server, does not contain the string specified in the role.
  • <WORD> – Specify the string not to match (this is case sensitive, and is compared against the ‘radius-user‘ name returned by the RADIUS server). It should not contain the provided expression.
starts-with <WORD> Enables role assignment on the basis of the wireless client‘s “department” and/or “group” code
  • <WORD> – Specify the string (could be department/group code). For example: 0026100573. The first three digits represent the department/group code. The remaining digits represent user‘s badge number.
Note: The role is applied only when the ‘radius-user‘ name, returned by the RADIUS server, starts with the string specified here.

Examples

nx9500-6C8809(config-role-policy-test-user-role-testing)#radius-user contains test.com
nx9500-6C8809(config-role-policy-test-user-role-testing)#show context
 user-role testing precedence 1
  radius-user contains test.com
  company exact ExampleCompany
  emailid exact testing@examplecompany.com
nx9500-6C8809(config-role-policy-test-user-role-testing)#

Related Commands

no

Removes the MAC address and mask for this user-defined role