Specifications

Administrative AAA Configuration Scenarios

RoamAbout Mobility System Software Configuration Guide 3-7

Authenticating at the Console

Youcanconfiguretheconsolesothatauthentication isrequired,orsothatnoauthenticationis

required.Enterasys Networksrecommendsthatyouenforceauthenticationontheconsoleport.

Toenforceconsoleauthentication,takethefollowingsteps:

1. Addauserinthelocaldatabasebytypingthe followingcommandwithausernameand

password:

RBT-8100# set user username password password

2. Toenforcetheuseofconsoleauthenticationviathelocaldatabase,typethefollowing

command:

RBT-8100# set authentication console * local

3. Tostorethisconfigurationintononvolatilememory,typethefollowingcommand:

RBT-8100# save config

Bydefault,noauthenticationisrequiredattheconsole.Ifyouhavepreviouslyrequired

authenticationandhavedecidednottorequireit(duringtesting,forexample),typethefollowing

commandtoconfiguretheconsolesothatitdoesnotrequireusernameandpassword

authentication:

RBT-8100# set authentication console * none

Customizing AAA with “Globs” and Groups

“Globbing”letsyouclassifyusersbyusernameormediaaccesscontrol(MAC)addressfor

differentAAAtreatments.Auserglobisastring,possiblycontainingwildcards,formatching

AAAandIEEE802.1Xauthenticationmethodstoauserorsetofusers.TheRoa mAboutSwitch

supportsthefollowingwildcardcharacters foruser

globs:

•Singleasterisk(*)matchesthecharactersinausernameuptobutnotincludingaseparator

character,whichcanbeanat(@)signoraperiod(.).

•Doubleasterisk(**)matchesallusernames.

Inasimilarfashion,MACaddressglobsmatchauthenticationmethodstoaMACaddressorset

of

MACaddresses.Fordetails,see“UserGlobs,MACAddressGlobs,andVLANGlobs”on

page 1‐4.

AusergroupisanamedcollectionofusersorMACaddressessharingacommonauthorization

policy.Forexam ple,youmightgroupallusersonthefirstfloorofbuilding 17intothegroup

bldg

‐17‐1st‐floor,orgroupallusersintheITgroupintothegroupinfotech‐people.Individualuser

entriesoverridegroupentriesiftheybothconfigurethesameattribute.

Note: If you type this command before you have created a local username and password, you can

lock yourself out of the RoamAbout Switch. Before entering this command, you must configure a

local username and password.

Note: The authentication method none you can specify for administrative access is different from

the fallthru authentication type None, which applies only to network access. The authentication

method none allows access to the RoamAbout Switch by an administrator. The fallthru

authentication type None denies access to a network user. (For information about the fallthru

authentication types, see “Authentication Algorithm” on page 17-3.)