Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

391

392

393

394

395

396

397

398

399

400

Assigning Authorization Attributes

17-50 Configuring AAA for Network Users

Examples

ThefollowingcommandrestrictstheMACusergroupmac‐fanstoaccessthenetworkbyusing

onlyTKIP:

RBT-8100# set mac-usergroup mac-fans attr encryption-type 4

success: change accepted.

Youcanalsospecifyacombinationofallowedencryptiontypesbysummingthevalues.For

example,thefollowingcommandallowsmac‐fanstoassociateusingeitherTKIPorWEP_104:

RBT-8100# set mac-usergroup mac-fans attr encryption-type 12

success: change accepted.

ToclearanencryptiontypefromtheprofileofauseorgroupofusersinthelocalRoamAbout

Switchdatabase,useoneofthefollowingcommands:

clear user username attr encryption-type

clear usergroup groupname attr encryption-type

clear mac-user username attr encryption-type

clear mac-usergroup groupname attr encryption-type

Assigning and Clearing Encryption Types on a RADIUS Server

ToassignordeleteanencryptionalgorithmastheEncryption‐Typeauthorizationattributeina

userorgrouprecordonaRADIUSserver,seethedocument ationforyourRADIUSserver.

Keeping Users on the Same VLAN Even After Roaming

Insomecases,ausercanbeassignedtoadifferentVLANafterroamingtoanotherRoamAbout

Switch.Table 17‐6liststhewaysaVLANcanbeassignedtoauserafterroamingfromoneRBTto

another.

4 Temporal Key Integrity Protocol (TKIP).

8 Wired-Equivalent Privacy protocol using 104 bits of key strength (WEP_104).

This is the default.

16 Wired-Equivalent Privacy protocol using 40 bits of key strength (WEP_40).

32 No encryption.

64 Static WEP

Encryption-Type Value Encryption Algorithm Assigned

Table 17-6 VLAN Assignment After Roaming from One RBT Switch to Another

Location Policy AAA keep-initial-vlan SSID VLAN Assigned By...

Yes Yes or No Yes or No Yes or No location policy

No Yes Yes or No Yes or No AAA

No No Yes Yes or No keep-initial-vlan

No No No Yes SSID

No No No No Not set—authentication error