Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

381

382

383

384

385

386

387

388

389

390

Assigning Authorization Attributes

RoamAbout Mobility System Software Configuration Guide 17-43

filter-id

(network access

mode only)

Security access control list

(ACL), to permit or deny

traffic received (input) or

sent (output) by the

RoamAbout Switch.

(For more information about

security ACLs, see

Chapter 15, Configuring

and Managing Security

ACLs.)

Name of an existing security ACL, up to

253 alphanumeric characters, with no tabs or spaces.

• Use acl-name.in to filter traffic that enters the switch

from users via a wired authentication port, or from the

network via a network port.

• Use acl-name.out to filter traffic sent from the switch

to users via a wired authentication port, or from the

network via a network port.

Note: If the Filter-Id value returned through the

authentication and authorization process does not match

the name of a committed security ACL in the RoamAbout

switch, the user fails authorization and is unable to

authenticate.

idle-timeout This option is not implemented in the current MSS version.

mobility-profile

(network access

mode only)

Mobility Profile attribute for

the user. (For more

information, see

“Configuring a Mobility

Profile” on page 17-63.)

Name of an existing Mobility Profile, which can be up to

32 alphanumeric characters, with no tabs or spaces.

Note: If the Mobility Profile feature is enabled, and a

user is assigned the name of a Mobility Profile that does

not exist on the RoamAbout switch, the user is denied

access.

service-type Type of access the user is

requesting.

One of the following numbers:

• 2—Framed; for network user access

• 6—Administrative; for administrative access to the

RoamAbout switch, with authorization to access the

enabled (configuration) mode. The user must enter

the enable command and the correct enable

password to access the enabled mode.

• 7—NAS-Prompt; for administrative access to the

nonenabled mode only. In this mode, the user can still

enter the enable command and the correct enable

password to access the enabled mode.

For administrative sessions, the RoamAbout switch

always sends 6 (Administrative).

The RADIUS server can reply with one of the values

listed above.

If the service-type is not set on the RADIUS server,

administrative users receive NAS-Prompt access, and

network users receive Framed access.

Note: MSS will quietly accept Callback Framed but you

cannot select this access type in MSS.

session-timeout

(network access

mode only)

Maximum number of

seconds for the user’s

session.

Number between 0 and 4,294,967,296 seconds

(approximately 136.2 years).

ssid

(network access

mode only)

SSID the user is allowed to

access after authentication.

Name of the SSID you want the user to use. The SSID

must be configured in a service profile, and the service

profile must be used by a radio profile assigned to

Enterasys radios in the Mobility Domain.

Table 17-5 Authentication Attributes for Local Users (continued)

Attribute Description Valid Value(s)