Creating and Managing Users in the Local User Database 293

Authorization Authorization attributes can be assigned to users in the local database or Attributes on remote servers. The attributes, which include access control list (ACL) filters, VLAN membership, encryption type, session time-out period, and other session characteristics, let you control how and when users access the network. When a user or group is authenticated, the local database

or RADIUS server passes the authorization attributes to MSS to characterize the user’s session.

Table 22 lists the user attributes and their value ranges. You can specify these attributes in lowercase when using the CLI.

Table 22 Authentication Attributes for Local Users

Attribute

Description

Valid Value(s)

 

 

 

encryption-type

Type of encryption

One of the following numbers that

 

required for access by

identifies an encryption algorithm:

 

the client. Clients who

„

1—AES_CCM (Advanced

 

attempt to use an

 

 

Encryption Standard using

 

unauthorized

 

 

 

Counter with CBC-MAC)

 

encryption method are

 

 

 

2—Reserved

 

rejected.

„

 

Encryption-Type is a

„ 4—TKIP (Temporal Key Integrity

 

3Com vendor-specific

 

Protocol)

 

attribute (VSA). The

„

8—WEP_104 (the default)

 

vendor ID is 43, and the

 

vendor type is 3.

 

(Wired-Equivalent Privacy protocol

 

 

using 104 bits of key strength)

 

 

 

 

 

„

16—WEP_40 (Wired-Equivalent

 

 

 

Privacy protocol using 40 bits of

 

 

 

key strength)

 

 

„

32—NONE (no encryption)

 

 

„

64—Static WEP

 

 

In addition to these values, you can

 

 

specify a sum of them for a

 

 

combination of allowed encryption

 

 

types. For example, to specify

 

 

WEP_104 and WEP_40, use 24.

 

 

 

end-date

Date and time after

Date and time, in the following

 

which the user is no

format:

 

longer allowed to be on

YY/MM/DD-HH:MM

 

the network.

 

 

You can use end-datealone or with start-date. You also can use start-date, end-date, or both in conjunction with time-of-day.

Page 293
Image 293
3Com WX4400 3CRWX440095A WX1200, 3CRWXR10095A manual Authentication Attributes for Local Users, Encryption-type, End-date