Creating and Managing Users in the Local User Database 293
AuthorizationAttributesAuthorization attributes can be assigned to users in the local database or on remote servers. The attributes, which include access control list (ACL) filters, VLAN membership, encryption type, session time-out period, and other session characteristics, let you control how and when users access the network. When a user or group is authenticated, the local database or RADIUS server passes the authorization attributes to MSS to characterize the user’s session. Table22 lists the user attributes and their value ranges. You can specify these attributes in lowercase when using the CLI. Table22 Authentication Attributes for Local Users
Attribute Description Valid Val ue(s )
encryption-type Type of encryption
required for access by
the client. Clients who
attempt to use an
unauthorized
encryption method are
rejected.
Encryption-Type is a
3Com vendor-specific
attribute (VSA). The
vendor ID is 43, and the
vendor type is 3.
One of the following numbers that
identifies an encryption algorithm:
1—AES_CCM (Advanced
Encryption Standard using
Counter with CBC-MAC)
2—Reserved
4—TKIP (Temporal Key Integrity
Protocol)
8—WEP_104 (the default)
(Wired-Equivalent Privacy protocol
using 104 bits of key strength)
16—WEP_40 (Wired-Equivalent
Privacy protocol using 40bits of
key strength)
32—NONE (no encryption)
64—Static WEP
In addition to these values, you can
specify a sum of them for a
combination of allowed encryption
types. For example, to specify
WEP_104 and WEP_40, use 24.
end-date Date and time after
which the user is no
longer allowed to be on
the network.
Date and time, in the following
format:
YY/MM/DD-HH:MM
You can use end-date alone or with
start-date. You also can use
start-date, end-date, or both in
conjunction with time-of-day.