Open as PDF
About AAA for Network Users 439
MSS provides the following VSAs, which you can assign to users
configured in the local database or on a RADIUS server:
Encryption-Type — Specifies the type of encryption required for
access by the client. Clients who attempt to use an unauthorized
encryption method are rejected.
End-Date — Date and time after which the user is no longer allowed
to be on the network.
Mobility-Profile — Controls the WX switch ports a user can access.
For wireless users, an MSS Mobility Profile specifies the MAPs through
which the user can access the network. For wired authentication
users, the Mobility Profile specifies the wired authentication ports
through which the user can access the network.
SSID — SSID the user is allowed to access after authentication.
Start-Date — Date and time at which the user becomes eligible to
access the network. MSS does not authenticate the user unless the
attempt to access the network occurs at or after the specified date
and time, but before the end-date (if specified).
Time-of-Day — Day(s) and time(s) during which the user is permitted
to log into the network.
URL — URL to which the user is redirected after successful WebAAA.
VLAN-Name — VLAN to place the user on.
You also can assign the following RADIUS attributes to users configured
in the local database.
Filter-Id — Security ACL that permits or denies traffic received by
(input) or sent by (output) the user.
Service-Type — Type of access the user is requesting, which can be
network access, administrative access to the enabled (configuration)
mode of the MSS CLI, or administrative access to the nonenabled
mode of the CLI
Session-Timeout — Maximum number of seconds allowed for the
Regardless of whether you configure the user and attributes on RADIUS
servers or the WX local database, the VLAN attribute is required. The
other attributes are optional.