3 configuring different encryption types – Motorola Series Switch WS5100 User Manual
Page 113
Network Setup
4-39
Configuring Motorola Specific Radius Server User Privilege Values
The following recommended Radius Server user privilege settings specify access privilege levels for those
accessing the switch managed network. To define user privilege values, assign the following attributes in
the external Radius Server:
1. Set the attribute number to 1 and its type as "integer."
2. Define the following possible decimal values for user access permissions:
a. Set the
Monitor Role
value to 1 (read-only access to the switch).
b. Set the
Helpdesk Role
value to 2 (helpdesk/support access to the switch).
c. Set the
Nwadmin Role
value to 4 (wired and wireless access to the switch).
d. Set the
Sysadmin Role
value to 8 (system administrator access).
e. Set the
WebAdmin Role
value to 16 (guest user application access).
f. Set the
Superuser Role
value to 32768 (grants full read/write access to the switch).
3. Specify multiple privileges (for a single user) by specifying different attributes as needed. The privilege
values can be ORed and specified once. For example, if a user needs monitor (read-only) and helpdesk
access, configure the Radius Server with two attributes. Once with a value 1 for monitor access and then
with a value 2 for the helpdesk role.
Multiple roles can also be defined by configuring the Radius Server with attribute 1 and value 3 (or
monitor value 1 and helpdesk value 2).
Configuring the User Login Sources
The following recommended Radius Server user login sources specify the location (ssh/telnet/console/Web)
from which users are allowed switch access. If login access permissions are not defined (restricted), users
will be allowed to login from each interface. To define login source access locations:
1. Set the attribute number to 100 and its type as "integer."
2. Define the following possible decimal values for login sources:
a. Set the
Console Access
value to 128 (user is allowed login privileges only from console).
b. Set the
Telnet Access
value to 64 (user is allowed login privileges only from a Telnet session).
c. Set the
SSH Access
value to 32 (user is allowed login privileges only from ssh session).
d. Set the
Web Access
value to 16 (user is allowed login privileges only from Web/applet).
3. Specify multiple access sources by using different values. The privilege values can be ORed and specified
once. For example, if a user needs access from both the console and Web, configure the Radius Server
with the 100 attribute twice, once with value 128 for console and next with value 16 for Web access.
4.5.1.3 Configuring Different Encryption Types
To configure the WLAN data encryption options available on the switch, refer to the following:
•
•
Configuring WEP 128 / KeyGuard
•
Configuring WPA/WPA2 using TKIP and CCMP
NOTE: If user privilege attributes are not defined for the Radius Server, users will be
authenticated with a default privilege role of 1 (Monitor read-only access).