Support User Manuals

Western Telematic AFS-16-1 Switch User Manual

Open as PDF

of 135

5-41

Basic Configuration

5.9.10.1. Dictionary Support for RADIUS

The RADIUS dictionary file can allow you to define a user and assign command access

rights and port access rights from a central location. The RADIUS dictionary file,

"dictionary.wti" is included on the CDROM along with this user's guide. To install the

dictionary file on your RADIUS server, please refer to the documentation provided with

your server; some servers will require the dictionary file to reside in a specific directory

location, others will require the dictionary file to be appended to an existing RADIUS

dictionary file. The WTI RADIUS dictionary file provides the following commands:

• WTI-Super - Sets the command access level for the user. This command provides

the following arguments:

0 = ViewOnly

1 = User

2 = SuperUser

3 = Administrator

For example, in order to set command access level to "SuperUser", the command

line would be:

WTI-Super="2"

• WTI-Circuit-Access - Determines which circuit(s) the user will be allowed to

access. This command provides an argument that consists of a four character

string, with one character for each the AFS-16's Circuit Modules. The following

options are available for each switched circuit:

0 = Off (Deny Access)

1 = On (Allow Access)

For example, to allow access to Circuits 2 and 4, the command line would be:

WTI-Circuit-Access="0101"

• WTI-Group-Access - Determines which Circuit Group(s) the user will be allowed

to access. The argument for this command includes a character for each, defined

Circuit Group, with the first character in the string being used to represent the first

Circuit Group defined, and the last character in the string representing the last

Circuit Group defined. The following options are available for each Circuit Group:

0 = Off (Deny Access)

1 = On (Allow Access)

For example, to allow access to the first three defined Circuit Groups out of a total

of six defined Circuit Groups, the command line would be:

WTI-Group-Access="111000"

Example:

The following command could be used to set the command access level to "User", allow

access to Circuits 1 and 2, and also allow access to the first two of five defined

Circuit Groups:

tom Auth-Type:=Local, User-Password=="tom1"

Login-Service=Telnet,

Login-TCP-Port=Telnet,

User-Name="HARRY-tom",

WTI-Super="1",

WTI-Circuit-Access="1100",

WTI-Group-Access="11000",

previous next