Policy Index 0 Showing In Switch Multiauth Session Output

Symptoms
After authentication, the switch to which the client is attached does not apply a policy to the client.
Output from the show multiauth session command shows policy index 0.
Policy Manager's Port Usage shows the Role as N/A.
Environment
  • RADIUS
  • NPS
  • IAS
  • NAC
  • All Enterasys switch platforms
Cause
This is caused when the RADIUS Accept contains no Filter-Id with the desired Role/Policy.
 
Resolution
On the RADIUS server, and within the matching RADIUS policy, add the RADIUS Return Attribute "Filter-Id" with the expected policy that should be applied by the switch.

Example:  Enterasys:version=1:policy=Enterprise User
Additional notes
Editing or adding a RADIUS policy.
Example from NetSight's Help if using a 2008 NPS server:

Adding a New Remote Access Policy
Follow these steps to add a new Remote Access Policy. A Remote Access Policy is a set of actions which is applied to a group of users that meet a specified set of conditions. The selections in the following steps can be used as an example; for more specific options, review the Windows Server 2008 Network Policy Server (NPS) Operations Guide.
 NOTE: For information on configuring end user VLAN ID attributes (in compliance with RFC 3580) to be used in conjunction with VLAN to Role Mapping, refer to your device firmware and RADIUS server documentation.
  1. In the Network Policy Server window (Start > Programs > Administrative Tools > Network Policy Server), expand the Policies node. Right click on "Connection Request Policies" and select New.
  2. The New Connection Request Policy wizard opens.
    1. Enter a Policy name and then click Next.
    2. In the Specify Conditions panel click Add.
    3. Select the condition "Day and Time Restrictions" and click Add.
    4. In the Day and Time Restrictions window select the Permitted radio button. Click OK. Click Next.
    5. In the Specify Connection Request Forwarding panel, select "Authentication." Select the appropriate settings for your RADIUS server and click Next.
    6. In the Specify Authentication Methods panel, click Next.
    7. In the Configure Settings panel, click Next.
    8. In the Completing Connection Request Policy Wizard panel, verify that the settings are correct and click Finish.
  3. Back in the Network Policy Server window, right-click on "Network Policy" and select New.
  4. The New Network Policy wizard opens.
    1. Enter a Policy name and click Next.
    2. In the Specify Conditions panel, click Add.
    3. Select the condition "Windows Groups" and click Add.
    4. In the Windows Groups window click Add Groups.
    5. In the Select Group window, enter the object name to select. Click OK.
    6. Click OK in the Windows Groups window. Click Next.
    7. In the Specify Access Permission Panel, select "Access Granted" and click Next.
    8. In the Configure Authentication Methods panel, select the appropriate settings for your authentication requirements and click Next.
    9. In the Configure Constraints panel, click Next.
    10. In the Configure Settings panel, select "RADIUS Attributes Standard" and remove all parameters, such as "Service-Type" and "Framed-Protocol."
    11. Click Add to add a Filter-Id attribute.
    12. In the Add Standard RADIUS Attribute window, select "Filter-Id" and then click Add.
    13. In the Attribute Information window, click Add.
    14. In the Attribute Information window, enter the attribute value: 
      Enterasys:version=1:mgmt=su:policy=[role]
      where [role] is the role name to be applied to this user.
 CAUTION: Include :mgmt=su in the string only for users who should have administrative privileges and the ability to telnet to devices and/or use local management on devices when authentication is enabled. For other users, leave it out.
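
An added example, not from this article or from NetSight's Help: a Python check that parses the Filter-Id values a RADIUS policy returns and flags the two conditions described above, an Accept with no policy (the policy index 0 symptom) and :mgmt=su returned for a user who is not an administrator. The colon-separated key=value layout is inferred from the two example strings in this article; the user names, the "Administrator" role and all function names are constructed for illustration.

```python
"""Audit RADIUS Filter-Id return values used for Enterasys policy assignment."""

PREFIX = "Enterasys"  # assumption: matched exactly, as written in the article


def parse_filter_id(value):
    """Split 'Enterasys:version=1:mgmt=su:policy=Role' into a dict of fields.

    Returns None when the string does not start with the Enterasys prefix.
    """
    parts = value.strip().split(":")
    if parts[0] != PREFIX:
        return None
    fields = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:  # ignore fragments that are not key=value
            fields[key.strip()] = val.strip()
    return fields


def audit_accept(user, filter_ids, admins):
    """Return findings for one Access-Accept.

    filter_ids: Filter-Id strings returned for the user (may be empty).
    admins: set of user names that are expected to carry mgmt=su.
    """
    findings = []
    parsed = [f for f in map(parse_filter_id, filter_ids) if f is not None]
    roles = [f["policy"] for f in parsed if f.get("policy")]
    if not roles:
        findings.append("no policy in Filter-Id: expect policy index 0 / Role N/A")
    if any(f.get("mgmt") == "su" for f in parsed) and user not in admins:
        findings.append("mgmt=su returned for a non-administrative user")
    return findings


# Constructed sample data: user -> Filter-Id values in the Accept.
SAMPLES = {
    "alice": ["Enterasys:version=1:policy=Enterprise User"],
    "bob": [],                                   # no Filter-Id at all
    "carol": ["Enterasys:version=1:mgmt=su:policy=Enterprise User"],
    "dave": ["Enterasys:version=1:mgmt=su:policy=Administrator"],
    "erin": ["Enterasys:version=1:policy="],     # attribute present, role empty
}
ADMINS = {"dave"}


def run_audit():
    return {u: audit_accept(u, ids, ADMINS) for u, ids in SAMPLES.items()}


if __name__ == "__main__":
    for user, findings in run_audit().items():
        print(user, findings or "ok")
```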
