Western Telematic AFS-16-1 Switch User Manual


 
Basic Configuration
5.9.10.1. Dictionary Support for RADIUS
The RADIUS dictionary file allows you to define a user and assign command access
rights and port access rights from a central location. The RADIUS dictionary file,
"dictionary.wti", is included on the CDROM along with this user's guide. To install the
dictionary file on your RADIUS server, please refer to the documentation provided with
your server; some servers require the dictionary file to reside in a specific directory
location, while others require the dictionary file to be appended to an existing RADIUS
dictionary file. The WTI RADIUS dictionary file provides the following commands:
• WTI-Super - Sets the command access level for the user. This command provides
  the following arguments:
    0 = ViewOnly
    1 = User
    2 = SuperUser
    3 = Administrator
  For example, in order to set command access level to "SuperUser", the command
  line would be:
    WTI-Super="2"
• WTI-Circuit-Access - Determines which circuit(s) the user will be allowed to
  access. This command provides an argument that consists of a four character
  string, with one character for each of the AFS-16's Circuit Modules. The following
  options are available for each switched circuit:
    0 = Off (Deny Access)
    1 = On (Allow Access)
  For example, to allow access to Circuits 2 and 4, the command line would be:
    WTI-Circuit-Access="0101"
• WTI-Group-Access - Determines which Circuit Group(s) the user will be allowed
  to access. The argument for this command includes a character for each defined
  Circuit Group, with the first character in the string being used to represent the first
  Circuit Group defined, and the last character in the string representing the last
  Circuit Group defined. The following options are available for each Circuit Group:
    0 = Off (Deny Access)
    1 = On (Allow Access)
  For example, to allow access to the first three defined Circuit Groups out of a total
  of six defined Circuit Groups, the command line would be:
    WTI-Group-Access="111000"
Example:
The following command could be used to set the command access level to "User", allow
access to Circuits 1 and 2, and also allow access to the first two of five defined
Circuit Groups:
# Check items on the first line; indented reply items follow, with no comma after the last one.
tom Auth-Type:=Local, User-Password=="tom1"
    Login-Service=Telnet,
    Login-TCP-Port=Telnet,
    User-Name="HARRY-tom",
    WTI-Super="1",
    WTI-Circuit-Access="1100",
    WTI-Group-Access="11000"
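
The following Python script is an added example, not part of the WTI manual or the dictionary.wti file: it decodes the three WTI attributes described above into a readable grant, rejects malformed strings, and flags broad grants for review. The function names, the review policy in audit(), and the choice to treat a missing attribute as an error are assumptions made for this example.

```python
import re

LEVELS = {"0": "ViewOnly", "1": "User", "2": "SuperUser", "3": "Administrator"}
CIRCUIT_MODULES = 4  # per the manual: four-character string, one per Circuit Module

# Constructed sample: the WTI reply items from the manual's example entry.
SAMPLE_REPLY = '''
    WTI-Super="1",
    WTI-Circuit-Access="1100",
    WTI-Group-Access="11000"
'''

def parse_reply(text):
    """Collect WTI-* reply items of the form Name="value" into a dict."""
    return dict(re.findall(r'(WTI-[\w-]+)\s*=\s*"([^"]*)"', text))

def _allowed(name, mask, expected_len):
    """Turn a 0/1 string into the 1-based positions that are set to 1 (Allow)."""
    if len(mask) != expected_len or set(mask) - {"0", "1"}:
        raise ValueError(f"{name}: expected {expected_len} chars of 0/1, got {mask!r}")
    return [i for i, c in enumerate(mask, start=1) if c == "1"]

def decode_wti(attrs, groups_defined):
    """Decode the WTI attributes; a missing or malformed value raises ValueError."""
    level = attrs.get("WTI-Super")
    if level not in LEVELS:
        raise ValueError(f"WTI-Super: unknown level {level!r}")
    circuits = attrs.get("WTI-Circuit-Access", "")
    groups = attrs.get("WTI-Group-Access", "")
    return {
        "level": LEVELS[level],
        "circuits": _allowed("WTI-Circuit-Access", circuits, CIRCUIT_MODULES),
        "groups": _allowed("WTI-Group-Access", groups, groups_defined),
    }

def audit(attrs, groups_defined):
    """Return the decoded grant plus findings to confirm (policy is an assumption)."""
    grant = decode_wti(attrs, groups_defined)
    findings = []
    if grant["level"] in ("SuperUser", "Administrator"):
        findings.append(f"elevated command level: {grant['level']}")
    if len(grant["circuits"]) == CIRCUIT_MODULES:
        findings.append("access to every circuit")
    if groups_defined and len(grant["groups"]) == groups_defined:
        findings.append("access to every circuit group")
    return grant, findings

if __name__ == "__main__":
    print(audit(parse_reply(SAMPLE_REPLY), groups_defined=5))
```

The groups_defined argument must match the number of Circuit Groups defined on the unit, since the manual ties the length of the WTI-Group-Access string to that count.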