Policy Server Guides › Policy Server Configuration Guide › Using the Policy Server as a RADIUS Server › Guidelines for Protecting RADIUS Devices
Guidelines for Protecting RADIUS Devices
Before deploying CA SiteMinder® in a RADIUS environment, note the following guidelines:
- Realm names in the same policy domain must be unique.
- Only one type of RAS device can be protected within one policy. A single policy cannot protect more than one RADIUS device because each vendor uses a separate Dictionary file. The responses in a single policy must interpret return attributes identically. If the environment is heterogeneous and includes a variety of RAS devices, define a separate policy for each type of RADIUS device.
- Multiple user directories can be defined within one policy domain. When multiple user directories are defined, specify a search order.
- You can combine RADIUS Agents for different NAS vendors in a single generic RADIUS Agent group, and then use the same Agent group in a separate policy for each type of RADIUS Agent. For example, if the Agent group contained a Shiva Agent and a Cisco Agent, you would create a Shiva policy and a Cisco policy. The same rule and realm would be added to each policy, which saves time. However the response associated to each instance of the same rule would differ; the Cisco policy would associate a Cisco response to the generic rule and the Shiva policy would associate a Shiva response to the generic rule.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|