Manualshelf

System information

ManualsBrandsD-Link ManualsComputer equipmentDWS-1008
131132133134135136137138139140
133
DWS-1008 CLI Reference Guide
D-Link Systems, Inc.
AAA Commands
set authentication admin (continued)
Note: The syntax descriptions for the set authentication commands have been separated for
clarity. However, the options and behavior for the set authentication admin command are the
same as in previous releases.
Usage: You can configure different authentication methods for different groups of users. If you
specify multiple authentication methods in the set authentication console command,
MSS applies them in the order in which they appear in the command, with these
results:
• If the first method responds with pass or fail, the evaluation is final.
• If the first method does not respond, MSS tries the second method, and so on.
• However, if local appears first, followed by a RADIUS server group, MSS ignores
any failed searches in the local database and sends an authentication request
to the RADIUS server group.
Note: If a AAA rule specifies local as a secondary AAA method, to be used if the RADIUS
servers are unavailable, and MSS authenticates a client with the local method, MSS starts
again at the beginning of the method list when attempting to authorize the client. This can
cause unexpected delays during client processing and can cause the client to time out before
completing logon.
Examples: The following command configures administrator Jose, who connects via Telnet,
for authentication on RADIUS server group sg3:
DWS-1008# set authentication admin Jose sg3
success: change accepted.
set authentication console
Configures authentication and defines where it is performed for specified users with
administrative access through a console connection.
Syntax: set authentication console user-glob method1 [method2] [method3] [method4]
user-glob Single user or set of users with administrative access through the
switch’s console.
Specify a username, use the double-asterisk wildcard character
(**) to specify all usernames, or use the single-asterisk wildcard character
(*) to specify a set of usernames up to or following the first delimiter
character - either an at sign (@) or a period (.). Note: This option does
not apply if mac is specified. For mac, specify a mac-addr-glob.