Operation Manual

AAA Commands
History
Version 1.0  Command introduced
Version 1.1  Authorization attributes encryption-type and time-of-day added
Version 3.0  Authorization attributes end-date, ssid, start-date, and url added
Version 5.0  Authorization attribute acct-interim-interval added
Version 7.1  Attributes qos-profile, simultaneous-logins, and termination-action added

Usage
To change the value of an attribute, enter set mac-user attr with the new value. To delete an attribute, use clear mac-user attr.

You can assign attributes to individual MAC users and to MAC user groups. If attributes are configured for a MAC user and also for the group the MAC user is in, the attributes assigned to the individual MAC user take precedence for that user. For example, if the start-date attribute configured for a MAC user is earlier than the start-date configured for the user's MAC user group, the MAC user's network access can begin as soon as the user's start-date. The MAC user does not need to wait for the MAC user group's start-date.
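The following audit sketch is an added example, not code from the manual or from MSS. It applies the user-over-group precedence rule from the Usage text, decodes a summed encryption-type value using the numbers in Table 9–9, and checks the start-date/end-date window in the YY/MM/DD-HH:MM format. The function names, the WEAK classification, the rejection of values outside the listed bits, and the sample data are assumptions of this example.

```python
from datetime import datetime

# Bit values from the encryption-type row of Table 9-9.
ENCRYPTION_BITS = {1: "AES_CCM", 2: "Reserved", 4: "TKIP", 8: "WEP_104",
                   16: "WEP_40", 32: "NONE", 64: "Static WEP"}
# Classification used by this example only (not taken from the manual).
WEAK = {"WEP_104", "WEP_40", "NONE", "Static WEP"}
DATE_FORMAT = "%y/%m/%d-%H:%M"  # YY/MM/DD-HH:MM


def decode_encryption_type(value):
    """Split a summed encryption-type value into the algorithms it allows."""
    value = int(value)
    if value <= 0 or value >= 128:  # assumption: only listed bits are valid
        raise ValueError(f"encryption-type {value} is not a sum of table values")
    return [name for bit, name in ENCRYPTION_BITS.items() if value & bit]


def effective_attrs(user_attrs, group_attrs):
    """Merge attributes; the individual MAC user's values take precedence."""
    merged = dict(group_attrs)
    merged.update(user_attrs)
    return merged


def audit_mac_user(user_attrs, group_attrs, now):
    """Return (effective attributes, findings) for one MAC user."""
    attrs = effective_attrs(user_attrs, group_attrs)
    findings = []
    # WEP_104 (8) is the documented default for encryption-type.
    allowed = decode_encryption_type(attrs.get("encryption-type", 8))
    weak = [name for name in allowed if name in WEAK]
    if weak:
        findings.append("weak encryption allowed: " + ", ".join(weak))
    if "Reserved" in allowed:
        findings.append("reserved encryption-type bit 2 is set")
    start = attrs.get("start-date")
    end = attrs.get("end-date")
    if start and now < datetime.strptime(start, DATE_FORMAT):
        findings.append("access has not started yet")
    if end and now > datetime.strptime(end, DATE_FORMAT):
        findings.append("access has expired")
    return attrs, findings


# Constructed sample data: a group policy and one user's overrides.
GROUP = {"encryption-type": "24", "start-date": "24/06/01-08:00"}
USER = {"start-date": "24/05/01-08:00", "end-date": "24/12/31-18:00"}
```

With the sample data, the user inherits encryption-type 24 from the group, while the user's own earlier start-date replaces the group's.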
Table 9–9. Authentication Attributes for Local Users

Attribute: encryption-type
Description: Type of encryption required for access by the client. Clients who attempt to use an unauthorized encryption method are rejected.
Note: Encryption-Type is a Trapeze vendor-specific attribute (VSA). The vendor ID is 14525, and the vendor type is 3.
Valid Value(s): One of the following numbers that identifies an encryption algorithm:
  1—AES_CCM (Advanced Encryption Standard using Counter with CBC-MAC)
  2—Reserved
  4—TKIP (Temporal Key Integrity Protocol)
  8—WEP_104 (the default) (Wired-Equivalent Privacy protocol using 104 bits of key strength)
  16—WEP_40 (Wired-Equivalent Privacy protocol using 40 bits of key strength)
  32—NONE (no encryption)
  64—Static WEP
In addition to these values, you can specify a sum of them for a combination of allowed encryption types. For example, to specify WEP_104 and WEP_40, use 24.

Attribute: end-date
Description: Date and time user access expires.
Valid Value(s): Date and time, in the following format:
  YY/MM/DD-HH:MM
You can use end-date alone or with start-date. You also can use start-date, end-date, or both in conjunction with time-of-day.

Attribute: filter-id (network access mode only)
Description: Security access control list (ACL), to permit or deny traffic received (input) or sent (output) by the MX switch. (For more information about security ACLs, see “Security ACL Commands,” on page 15-391.)
Valid Value(s): Name of an existing security ACL, up to 32 alphanumeric characters, with no tabs or spaces.
  Use acl-name.in to filter traffic that enters the MX from users via an MP or wired authentication port, or from the network via a network port.
  Use acl-name.out to filter traffic sent from the MX to users via an MP port or wired authentication port, or from the network via a network port.
Note: If the Filter-Id value returned through the authentication and authorization process does not match the name of a committed security ACL in the MX, the user fails to authorize and is unable to authenticate.

Attribute: idle-timeout
Description: This option is not implemented in the current MSS version.