Operation Manual

ManualsBrandsTrapeze smart mobile ManualsSoftwareMobility System Software 7.3

171

172

173

174

175

176

177

178

179

180

AAA Commands

Mobility System Software Command Reference Guide

Version 7.3

9 – 180

mobility-profile

(network access mode

only)

Mobility Profile attribute for the

user. (For more information, see

set mobility-profile on

page 9-183.)

Note: Mobility-Profile is a

Trapeze vendor-specific

attribute (VSA). The vendor ID

is 14525, and the vendor type is

Name of an existing Mobility Profile, up to

32 alphanumeric characters, with no tabs or spaces.

Note: If the Mobility Profile feature is enabled, and a user

is assigned a Mobility Profile name that does not exist on

the MX, the user is denied access.

qos-profile The name of an associated QoS

profile.

You must have configured a QoS profile before youcan

apply this attribute.

service-type Type of access requested by the

user.

One of the following numbers:

❑ 2—Framed; for network user access

❑ 6—Administrative; for administrative access to the

MX, with authorization to access the enabled

(configuration) mode. The user must enter the enable

command and the correct enable password to access

the enabled mode.

❑ 7—NAS-Prompt; for administrative access to the

nonenabled mode only. In this mode, the user can still

enter the enable command and the correct enable

password to access the enabled mode.

For administrative sessions, the MX always sends 6

(Administrative).

The RADIUS server can reply with one of the values

listed above.

If the service-type is not set on the RADIUS server,

administrative users receive NAS-Prompt access, and

network users receive Framed access.

session-timeout

(network access mode

only)

Maximum number of seconds

for the user’s session.

Number between 0 and 4,294,967,296 seconds

(approximately 136.2 years).

Note: If the global reauthentication timeout (set by the

set dot1x reauth-period command) is shorter than the

session-timeout, MSS uses the global timeout instead.

simultaneous-

logins

Maximum number of time s a

client can log onto the network.

You can configure a value from 0 to 1000.

ssid

(network access mode

only)

SSID accessible by the user

after authentication.

Name of the SSID you want the user to use. The SSID

must be configured in a service profile, and the service

profile must be used by a radio profile assigned to Trapeze

radios in the Mobility Domain.

start-date Date and time at which the user

becomes eligible to access the

network.

MSS does not authenticate the

user unless the attempt to

access the network occurs at or

after the specified date and

time, but before the end-date (if

specified).

Date and time, in the following format:

YY/MM/DD-HH:MM

You can use start-date alone or with end-date. You also

can use start-date, end-date, or both in conjunction with

time-of-day.

termination-action The type of action taken to

terminate a client on the

network.

You can select one of two options:

❑ 0 (Default for Disconnect)

❑ 1 (Radius-request for Re-authentication)

Table 9– 9. Authentication Attributes for Local Users (continued)

Attribute Description Valid Value(s)