Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

391

392

393

394

395

396

397

398

399

400

Assigning Authorization Attributes

RoamAbout Mobility System Software Configuration Guide 17-49

Assigning a Security ACL on a RADIUS Server

ToassignasecurityACLnameastheFilter‐Idauthorizationattributeofauserorgrouprecordon

aRADIUSserver,seethedocumentationforyourRADIUSserver.

Clearing a Security ACL from a User or Group

ToclearasecurityACLfromtheprofileofauser,MACuser,orgroupofusersorMACusersin

thelocalRoamAboutSwitchdatabase,usethefollowingcommands:

clear user username attr filter-id

clear usergroup groupname attr filter-id

clear mac-user username attr filter-id

clear mac-usergroup groupname attr filter-id

Ifyouhaveassignedbothanincomingandanoutgoingfiltertoauserorgroup,enterthe

appropriatecommandtwicetodeletebothsecurityACLs.Verifythedeletionsbyenteringthe

showaaacommandandcheckingtheoutput.

TodeleteasecurityACLfromauser’sconfigurationonaRADIUS

server,seethedocumentation

foryourRADIUSserver.

Assigning Encryption Types to Wireless Users

WhenauserturnsonawirelesslaptoporPDA,thedeviceattemptstofindanaccesspointand

formanassociationwithit.Becauseaccesspointssupporttheencryptionofwirelesstraffic,clients 

canchooseanencryptiontypetouse.Youcanconfigureaccesspointstousetheencryption

algorithms

supportedbytheWi‐FiProtectedAccess(WPA)securityenhancementtotheIEEE

802.11wirelessstandard.(Fordetails,seeChapter 10,ConfiguringUserEncryption.)

Ifyouhaveconfiguredaccesspointstousespecificencryptionalgorithms,youcanenforcethe

typeofencryptionauserorgroupmusthavetoaccessthe

network.Whenyouassignthe

Encryption‐Typeattributetoauserorgroup,theencryptiontypeortypesareenteredasan

authorizationattributeintotheuserorgrouprecordinthelocalRoamAboutSwitchdatabaseor

ontheRADIUSserver.Encryption‐TypeisanEnterasysvendor‐specificattribute(VSA).

Clientswhoattempttouseanunauthorizedencryptionmethodarerejected.

Assigning and Clearing Encryption Types Locally

TorestrictwirelessusesorgroupswithuserprofilesinthelocalRoamAboutSwitchdatabaseto

particularencryptionalgorithmsforaccessingthenetwork,useoneofthefollowingcommands:

set user username attr encryption-type value

set usergroup groupname attr encryption-type value

set mac-user username attr encryption-type value

set mac-usergroup groupname attr encryption-type value

MSSsupportsthefollow ingvaluesforEncryption‐Type,listedfrommost securetoleastsecure.

(Foruserencryptiondetails,seeChapter 10,ConfiguringUserEncryption.)

Encryption-Type Value Encryption Algorithm Assigned

1 Advanced Encryption Standard using Counter with Cipher Block Chaining

Message Authentication Code (CBC-MAC)—or AES_CCM.

2 Reserved.