3com 3CRWX120695A WXR100 User Manual
Creating and Managing Users in the Local User Database
293
Authorization
Attributes
Authorization attributes can be assigned to users in the local database or
on remote servers. The attributes, which include access control list (ACL)
filters, VLAN membership, encryption type, session time-out period, and
other session characteristics, let you control how and when users access
the network. When a user or group is authenticated, the local database
or RADIUS server passes the authorization attributes to MSS to
characterize the user’s session.
on remote servers. The attributes, which include access control list (ACL)
filters, VLAN membership, encryption type, session time-out period, and
other session characteristics, let you control how and when users access
the network. When a user or group is authenticated, the local database
or RADIUS server passes the authorization attributes to MSS to
characterize the user’s session.
Table 22 lists the user attributes and their value ranges. You can specify
these attributes in lowercase when using the CLI.
these attributes in lowercase when using the CLI.
Table 22 Authentication Attributes for Local Users
Attribute
Description
Valid Value(s)
encryption-type
Type of encryption
required for access by
the client. Clients who
attempt to use an
unauthorized
encryption method are
rejected.
required for access by
the client. Clients who
attempt to use an
unauthorized
encryption method are
rejected.
Encryption-Type is a
3Com vendor-specific
attribute (VSA). The
vendor ID is 43, and the
vendor type is 3.
3Com vendor-specific
attribute (VSA). The
vendor ID is 43, and the
vendor type is 3.
One of the following numbers that
identifies an encryption algorithm:
identifies an encryption algorithm:
1—AES_CCM (Advanced
Encryption Standard using
Counter with CBC-MAC)
Encryption Standard using
Counter with CBC-MAC)
2—Reserved
4—TKIP (Temporal Key Integrity
Protocol)
Protocol)
8—WEP_104 (the default)
(Wired-Equivalent Privacy protocol
using 104 bits of key strength)
(Wired-Equivalent Privacy protocol
using 104 bits of key strength)
16—WEP_40 (Wired-Equivalent
Privacy protocol using 40 bits of
key strength)
Privacy protocol using 40 bits of
key strength)
32—NONE (no encryption)
64—Static WEP
In addition to these values, you can
specify a sum of them for a
combination of allowed encryption
types. For example, to specify
WEP_104 and WEP_40, use 24.
specify a sum of them for a
combination of allowed encryption
types. For example, to specify
WEP_104 and WEP_40, use 24.
end-date
Date and time after
which the user is no
longer allowed to be on
the network.
which the user is no
longer allowed to be on
the network.
Date and time, in the following
format:
format:
YY/MM/DD-HH:MM
You can use end-date alone or with
start-date. You also can use
start-date, end-date, or both in
conjunction with time-of-day.
start-date. You also can use
start-date, end-date, or both in
conjunction with time-of-day.