
3 configuring different encryption types – Motorola Series Switch WS5100 User Manual


Configuring Motorola Specific Radius Server User Privilege Values

The following recommended Radius Server user privilege settings specify access privilege levels for those
accessing the switch managed network. To define user privilege values, assign the following attributes in
the external Radius Server:

1. Set the attribute number to 1 and its type as "integer."

2. Define the following possible decimal values for user access permissions:

a. Set the Monitor Role value to 1 (read-only access to the switch).

b. Set the Helpdesk Role value to 2 (helpdesk/support access to the switch).

c. Set the Nwadmin Role value to 4 (wired and wireless access to the switch).

d. Set the Sysadmin Role value to 8 (system administrator access).

e. Set the WebAdmin Role value to 16 (guest user application access).

f. Set the Superuser Role value to 32768 (grants full read/write access to the switch).

3. Specify multiple privileges (for a single user) by specifying different attributes as needed. The privilege
values can be ORed and specified once. For example, if a user needs monitor (read-only) and helpdesk
access, configure the Radius Server with two attributes: once with a value of 1 for monitor access and then
with a value of 2 for the helpdesk role.

Multiple roles can also be defined by configuring the Radius Server with attribute 1 and value 3 (the OR of
monitor value 1 and helpdesk value 2).

Configuring the User Login Sources

The following recommended Radius Server user login sources specify the location (ssh/telnet/console/Web)
from which users are allowed switch access. If login access permissions are not defined (restricted), users
will be allowed to log in from each interface. To define login source access locations:

1. Set the attribute number to 100 and its type as "integer."

2. Define the following possible decimal values for login sources:

a. Set the Console Access value to 128 (user is allowed login privileges only from the console).

b. Set the Telnet Access value to 64 (user is allowed login privileges only from a Telnet session).

c. Set the SSH Access value to 32 (user is allowed login privileges only from an SSH session).

d. Set the Web Access value to 16 (user is allowed login privileges only from Web/applet).

3. Specify multiple access sources by using different values. The privilege values can be ORed and specified
once. For example, if a user needs access from both the console and Web, configure the Radius Server
with the 100 attribute twice, once with a value of 128 for console and then with a value of 16 for Web access.
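
The following Python code is an added example, not part of the Motorola manual. It resolves one user's attribute 1 and attribute 100 values into effective roles and login sources so a Radius user entry can be reviewed before deployment. The function names and the (attribute number, value) input shape are assumptions made for the example; the bit values and defaults are the ones stated in this section.

```python
# Added example (not from the manual): audit one user's RADIUS attributes.
ROLES = {1: "Monitor", 2: "Helpdesk", 4: "Nwadmin", 8: "Sysadmin",
         16: "WebAdmin", 32768: "Superuser"}            # attribute 1 values
SOURCES = {16: "Web", 32: "SSH", 64: "Telnet", 128: "Console"}  # attribute 100
ATTR_PRIVILEGE, ATTR_LOGIN_SOURCE = 1, 100


def combine(values):
    """OR together every instance of an attribute (it may appear repeatedly)."""
    mask = 0
    for value in values:
        mask |= value
    return mask


def decode(mask, table):
    """Return (names of defined bits set in mask, residue of undefined bits)."""
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    return names, mask & ~combine(table)


def effective_access(attrs):
    """attrs: (attribute_number, value) pairs; this input shape is assumed."""
    priv = [v for n, v in attrs if n == ATTR_PRIVILEGE]
    src = [v for n, v in attrs if n == ATTR_LOGIN_SOURCE]
    findings = []
    if not priv:
        findings.append("no privilege attribute: default role 1 (Monitor)")
    if not src:
        findings.append("no login-source attribute: every interface allowed")
    # Defaults follow the manual: role 1 when undefined, all sources when undefined.
    roles, bad_roles = decode(combine(priv) if priv else 1, ROLES)
    sources, bad_src = decode(combine(src) if src else combine(SOURCES), SOURCES)
    if bad_roles:
        findings.append(f"undefined privilege bits: {bad_roles}")
    if bad_src:
        findings.append(f"undefined login-source bits: {bad_src}")
    if "Superuser" in roles:
        findings.append("Superuser: full read/write access")
    return {"roles": roles, "sources": sources, "findings": findings}


if __name__ == "__main__":
    # Constructed sample: the manual's two examples, sent as repeated attributes.
    print(effective_access([(1, 1), (1, 2), (100, 128), (100, 16)]))
    print(effective_access([(1, 3)]))  # same roles, single ORed value
```

Sending an attribute twice and sending the ORed value once resolve to the same roles, which is the equivalence step 3 describes.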

4.5.1.3 Configuring Different Encryption Types

To configure the WLAN data encryption options available on the switch, refer to the following:

Configuring WEP 64

Configuring WEP 128 / KeyGuard

Configuring WPA/WPA2 using TKIP and CCMP

NOTE: If user privilege attributes are not defined for the Radius Server, users will be
authenticated with a default privilege role of 1 (Monitor read-only access).