Specifications
RoamAbout Mobility System Software Configuration Guide 3-1
3
Configuring AAA for
Administrative and Local Access
Overview of AAA for Administrative and Local Access
Enterasys NetworksMobilitySystemSoftware(MSS)supportsauthentication,authorization,and
accounting(AAA)forsecurenetworkconnections.Asadministrator,youmustestablish
administrativeaccessforyourselfandoptionallyotherlocalusersbeforeyoucanconfigurethe
RoamAboutSwitchforoperation.
Hereisanoverviewofconfigurationtopics:
• Consoleconnection.Bydefault,any
administratorcanconnecttotheconsoleportand
managetheswitch,becausenoauthenticationisenforced.(Enterasys Networksrecommends
thatyouenforceauthenticationontheconsoleportafterinitialconnection.)
• TelnetorSSHconnection.AdministratorscannotestablishaTelnetorSecureShell(SSH)
connectiontotheRoamAboutSwitchbydefault.To
provideTelnetorSSHaccess,youmust
addausernameandpasswordentrytothelocaldatabaseor,optionally,settheauthentication
methodforTelnetuserstoaRemoteAuthenticationDial‐InUserService(RADIUS)server.
• Restrictedmode.WhenyouinitiallyconnecttotheRoamAboutSwitch,yourmodeof
operationis
restricted.Inthismode,onlyasmallsubsetofstatusandmonitoringcommands
isavailable. Restrictedmodeisusefulforadministratorswithbasicmonitoringprivilegeswho
arenotallowedtochangetheconfigurationorruntraces.
For information about... Refer to page...
Overview of AAA for Administrative and Local Access 3-1
Before You Start 3-3
About Administrative Access 3-4
First-Time Configuration Using the Console 3-5
Configuring Accounting for Administrative Users 3-9
Displaying the AAA Configuration 3-10
Saving the Configuration 3-10
Administrative AAA Configuration Scenarios 3-11
Note: A CLI Telnet connection to the RoamAbout Switch is not secure, unlike SSH, RoamAbout
Switch Manager and WebView connections. (For details, see Chapter 16, Managing Keys and
Certificates.)