Assigning Authorization Attributes
17-42 Configuring AAA for Network Users
Authorization attributes can be assigned to users in the local database or on remote servers. The attributes, which include access control list (ACL) filters, VLAN membership, encryption type, session time-out period, and other session characteristics, let you control how and when users access the network. When a user or group is authenticated, the local database or RADIUS server passes the authorization attributes to MSS to characterize the user's session.

The VLAN attribute is required. MSS can authorize a user to access the network only if the VLAN to place the user on is specified.

Table 17-5 on page 17-42 lists the authorization attributes supported by MSS. (For brief descriptions of all the RADIUS attributes and Enterasys vendor-specific attributes supported by MSS, as well as the vendor ID and types for Enterasys VSAs configured on a RADIUS server, see Appendix C, Supported RADIUS Attributes.)

Table 17-5 Authentication Attributes for Local Users

Attribute: encryption-type
Description: Type of encryption required for access by the client. Clients who attempt to use an unauthorized encryption method are rejected.
Valid Value(s): One of the following numbers that identifies an encryption algorithm:
• 1—AES_CCM (Advanced Encryption Standard using Counter with CBC-MAC)
• 2—Reserved
• 4—TKIP (Temporal Key Integrity Protocol)
• 8—WEP_104 (the default) (Wired-Equivalent Privacy protocol using 104 bits of key strength)
• 16—WEP_40 (Wired-Equivalent Privacy protocol using 40 bits of key strength)
• 32—NONE (no encryption)
• 64—Static WEP
In addition to these values, you can specify a sum of them for a combination of allowed encryption types. For example, to specify WEP_104 and WEP_40, use 24.

Attribute: end-date
Description: Date and time after which the user is no longer allowed to be on the network.
Valid Value(s): Date and time, in the following format:
YY/MM/DD-HH:MM
You can use end-date alone or with start-date. You also can use start-date, end-date, or both in conjunction with time-of-day.
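
The following audit helper is an added example, not code from MSS or from this guide. It decodes an encryption-type sum into the algorithms it permits and checks end-date values in the YY/MM/DD-HH:MM format from Table 17-5. The user records, the function names, the choice to treat everything except AES_CCM as weak, and the assumption that a missing encryption-type means the default (8) are all assumptions of the example.

```python
from datetime import datetime

# Values from Table 17-5. Value 2 is listed as Reserved, so it is left out.
ENCRYPTION_TYPES = {1: "AES_CCM", 4: "TKIP", 8: "WEP_104",
                    16: "WEP_40", 32: "NONE", 64: "Static WEP"}
# Assumption of this example: only AES_CCM is treated as strong.
WEAK = {"TKIP", "WEP_104", "WEP_40", "NONE", "Static WEP"}

def decode_encryption_type(value):
    """Split an encryption-type sum into the algorithm names it allows."""
    known = sum(ENCRYPTION_TYPES)  # every assignable bit: 125
    if value <= 0 or value & ~known:  # zero, reserved bit 2, or unknown bit
        raise ValueError(f"invalid encryption-type {value}")
    return [n for bit, n in sorted(ENCRYPTION_TYPES.items()) if value & bit]

def parse_end_date(text):
    """Parse YY/MM/DD-HH:MM (strptime maps YY 00-68 to 2000-2068)."""
    return datetime.strptime(text, "%y/%m/%d-%H:%M")

def audit_user(name, attrs, now):
    """Return a list of findings for one user's authorization attributes."""
    findings = []
    # Assumption: an absent attribute means the documented default, 8.
    allowed = decode_encryption_type(attrs.get("encryption-type", 8))
    weak = [a for a in allowed if a in WEAK]
    if weak:
        findings.append(f"{name}: permits weak encryption: {', '.join(weak)}")
    end = attrs.get("end-date")
    if end and parse_end_date(end) <= now:
        findings.append(f"{name}: end-date {end} has passed")
    return findings

# Constructed sample records, not taken from any real configuration.
USERS = {
    "alice": {"encryption-type": 1, "end-date": "30/12/31-23:59"},
    "bob": {"encryption-type": 24},
    "carol": {"encryption-type": 5, "end-date": "20/01/01-00:00"},
}

def audit_all(users, now):
    """Audit every user and return all findings in one list."""
    return [f for name, attrs in users.items()
            for f in audit_user(name, attrs, now)]

if __name__ == "__main__":
    for line in audit_all(USERS, datetime(2025, 1, 1)):
        print(line)
```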