Specifications

RoamAbout Mobility System Software Command Line Reference 8-45
Table 8-1 Authentication Attributes for Local Users
Attribute Description Valid Value(s)
encryption-type Type of encryption required for
access by the client. Clients who
attempt to use an unauthorized
encryption method are rejected.
Note: Encryption-Type is an
Enterasys Networks vendor-
specific attribute (VSA). The vendor
ID is 14525, and the vendor type is
3.
One of the following numbers that identifies an
encryption algorithm:
1—AES_CCM (Advanced Encryption
Standard using Counter with CBC-MAC)
2—Reserved
4—TKIP (Temporal Key Integrity Protocol)
8—WEP_104 (the default) (Wired-Equivalent
Privacy protocol using 104 bits of key
strength)
16—WEP_40 (Wired-Equivalent Privacy
protocol using 40 bits of key strength)
32—NONE (no encryption)
64—Static WEP
In addition to these values, you can specify a
sum of them for a combination of allowed
encryption types. For example, to specify
WEP_104 and WEP_40, use 24.
end-date Date and time after which the user
is no longer allowed to be on the
network.
Date and time, in the following format:
YY/MM/DD-HH:MM
You can use end-date alone or with start-date.
You also can use start-date, end-date, or both in
conjunction with time-of-day.
filter-id
(network access
mode only)
Security access control list (ACL),
to permit or deny traffic received
(input) or sent (output) by the RAS.
(For more information about
security ACLs, see Chapter 14,
Security ACL Commands.)
Name of an existing security ACL, up to
253 alphanumeric characters, with no tabs or
spaces.
Use acl-name.in to filter traffic that enters the
switch from users via an AP access port or
wired authentication port, or from the network
via a network port.
Use acl-name.out to filter traffic sent from the
switch to users via an AP access port or wired
authentication port, or from the network via a
network port.
Note: If the Filter-Id value returned through the
authentication and authorization process does
not match the name of a committed security ACL
in the RoamAbout switch, the user fails
authorization and is unable to authenticate.
idle-timeout This option is not implemented in the current MSS version.