Operation Manual

ManualsBrandsTrapeze smart mobile ManualsSoftwareMobility System Software 7.3

171

172

173

174

175

176

177

178

179

180

AAA Commands

Mobility System Software Command Reference Guide

Version 7.3

9 – 182

Examples

The following command assigns input access control list (ACL) acl-03 to filter packets

from a user at MAC address 01:02:03:04:05:06:

MX# set mac-user 01:02:03:04:05:06 attr filter-id acl-03.in

success: change accepted.

The following command restricts a user at MAC address 06:05:04:03:02:01 to network access

between 7 p.m. on Mondays and Wednesdays and 7 a.m. on Tuesdays and Thursdays:

MX# set mac-user

06:05:04:03:02:01 attr time-of-day

mo1900-1159,tu0000-0700,we1900-1159,th0000-0700

success: change accepted.

See Also

● clear mac-user attr on page 9-154

● show aaa on page 9-190

set mac-usergroup attr

Creates a user group in the local database on the MX for users authenticated by a MAC address,

and assigns authorization attributes for the group.

(To configure a user group and assign authorization attributes through RADIUS, see the

documentation for your RADIUS server.)

Syntax

set mac-usergroup group-name attr attribute-name value

Defaults

None.

Access

Enabled.

History

Introduced in MSS 1.0.

Usage

To change the value of an attribute, enter set mac-usergroup attr with the new value.

To delete an attribute, use clear mac-usergroup attr.

You can assign attributes to individual MAC users and to MAC user groups. If attributes are

configured for a MAC user and also for the group of the MAC user, the attributes assigned to the

individual MAC user take precedence for that user. For example, if the start-date attribute

configured for a MAC user is earlier than the start-date configured for the MAC user group, the

MAC user network access can begin as soon as the user start-date. The MAC user does not need to

wait for the MAC user group start date.

acct-interim-interv

Interval in seconds between

accounting updates, if start-stop

accounting mode is enabled.

Number between 180 and 3,600 seconds, or 0 to disable

periodic accounting updates.

The MX ignores the acct-interim-interval value and issues

a log message if the value is below 60 seconds.

Note: If both a RADIUS server and the MX supply a

value for the acct-interim-interval attribute, then the

value from the MX takes precedence.

group-name Name of a MAC user group. Specify a name of up to

32 alphanumeric characters, with no spaces. The name

must begin with an alphabetic character.

attribute-name value Name and value of an attribute used to authorize all

MAC users in the group for a particular service or session

characteristic. (For a list of authorization attributes, see

Table 9– 9 on page 179.)

Table 9– 9. Authentication Attributes for Local Users (continued)

Attribute Description Valid Value(s)