When using preconfigured roles in RADIUS, with a vendor-assigned attribute of 2 and a decimal value of 1-12, it works; however, when I create a custom role, what value should be used for the attribute format and value?
Comments
You can find a detailed explanation in the AX_Admin_Guide, page 329:
TABLE 21 RADIUS / TACACS+ Privilege Levels and Matching GUI Access Roles

GUI Access Role               RADIUS Privilege Level   TACACS+ Privilege Level   Partition Role
ReadWriteAdmin                2                        15                        N
SystemAdmin                   3                        14                        N
NetworkAdmin                  4                        13                        N
NetworkOperator               5                        12                        N
SlbServiceAdmin               6                        11                        N
SlbServiceOperator            7                        10                        N
ReadOnlyAdmin                 1                        0                         N
PartitionReadWrite            8                        9                         Y
PartitionNetworkOperator      9                        8                         Y
PartitionSlbServiceAdmin      10                       7                         Y
PartitionSlbServiceOperator   11                       6                         Y
PartitionReadOnly             12                       5                         Y
Any custom RADIUS roles defined have to include the A10 specific role attribute:
ATTRIBUTE A10-Admin-Role 5 string
A10-Admin-Role defines a role name, e.g. Network_Op_Level1. Then, inside the AX device, you can create the “Network_Op_Level1” customized role. When a RADIUS user is authenticated successfully with “A10-Admin-Role: Network_Op_Level1”, this user will be assigned the role properly.
The predefined privilege in the “A10-Admin-Privilege” attribute is honored from 1 to 12.
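
An added example, not part of the original posts or of A10's documentation: a Python 3 sketch that decodes the vendor-specific attributes described above from a RADIUS reply, so you can audit which custom role or predefined privilege the server actually grants a user. Assumptions: the A10 vendor ID is 22610 (confirm in your server's dictionary), A10-Admin-Privilege is encoded as a 4-byte integer, and the function names are hypothetical.

```python
import struct

A10_VENDOR_ID = 22610          # assumption: confirm in your server's dictionary
VT_PRIVILEGE, VT_ROLE = 2, 5   # vendor types: A10-Admin-Privilege, A10-Admin-Role
RADIUS_ROLES = {               # RADIUS column of Table 21
    1: "ReadOnlyAdmin", 2: "ReadWriteAdmin", 3: "SystemAdmin",
    4: "NetworkAdmin", 5: "NetworkOperator", 6: "SlbServiceAdmin",
    7: "SlbServiceOperator", 8: "PartitionReadWrite",
    9: "PartitionNetworkOperator", 10: "PartitionSlbServiceAdmin",
    11: "PartitionSlbServiceOperator", 12: "PartitionReadOnly",
}

def encode_vsa(vendor_type, value):
    """Build one Vendor-Specific attribute (RFC 2865, type 26)."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", A10_VENDOR_ID) + sub

def _tlvs(buf):
    """Yield (type, value) pairs from a type/length/value byte string."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def a10_authorization(attrs):
    """Return the custom role name and privilege found in reply attributes."""
    found = {"role": None, "privilege": None, "predefined_role": None}
    for atype, body in _tlvs(attrs):
        if atype != 26 or len(body) < 4:
            continue                      # not a Vendor-Specific attribute
        if struct.unpack("!I", body[:4])[0] != A10_VENDOR_ID:
            continue                      # another vendor's attribute
        for vtype, val in _tlvs(body[4:]):
            if vtype == VT_ROLE:
                found["role"] = val.decode()
            elif vtype == VT_PRIVILEGE and len(val) == 4:
                level = struct.unpack("!I", val)[0]
                found["privilege"] = level
                # Only 1-12 map to a predefined role; anything else stays None.
                found["predefined_role"] = RADIUS_ROLES.get(level)
    return found

# Constructed sample: reply attributes carrying the custom role from the answer.
SAMPLE = encode_vsa(VT_ROLE, "Network_Op_Level1")
```

A privilege value outside 1-12 comes back with `predefined_role` set to `None`, which is worth flagging when reviewing RADIUS user entries.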