Specifications
Administrative AAA Configuration Scenarios
3-8 Configuring AAA for Administrative and Local Access
(Forinformationaboutconfiguringusersandusergroups,see“AddingandClearingLocalUsers
forAdministrativeAccess”onpage 3‐8.)
Setting User Passwords
Likeusernames,passwordsarecase‐sensitive.Tomakepasswordssecure,makesuretheycontain
uppercaseandlowercaselettersandnumbers.Enterasys Networksrecommendsthatallusers
createpasswordsthatarememorabletothemselves,difficultforotherstoguess,andnotsubjectto
adictionaryattack.
Userpasswordsareautomatically encryptedwhenentered
inthelocaldatabase.However,the
encryptionisnotstrong.Itisdesignedonlytodiscouragesomeonelookingoveryourshoulder
frommemorizingyourpasswordasyoudisplaytheconfiguration.Tomaintainsecurity,MSS
displaysonlytheencryptedformofthepasswordinshowcommands.
Adding and Clearing Local Users for Administrative Access
UsernamesandpasswordscanbestoredlocallyontheRoamAboutSwitch.Enterasys Networks
recommendsthatyouenforceconsoleauthenticationaftertheinitialconfigurationtoprevent
anyonewithunauthorizedaccesstotheconsolefromloggingin.Thelocaldatabaseonthe
RoamAboutSwitchisthesimplestwaytostoreuserinformationinan
Enterasys Networks
system.
Toconfigureauserinthelocaldatabase,typethefollowingcommand:
set user username password [encrypted] password
Example
ToconfigureuserJoewiththepasswordspRin9inthelocaldatabaseontheRBT‐8100switch,type
thefollowingcommand:
RBT-8100# set user Joe password spRin9
success: User Joe created
Theencryptedoption indicatesthatthepasswordstringyouareenteringistheencryptedformof
thepassword.UsethisoptiononlyifyoudonotwantMSStoencryptthepasswordforyou.
Toclearauserfromthelocaldatabase,typethefollowingcommand:
clear user username
Note: Although MSS allows you to configure a user password for the special “last-resort” guest user,
the password has no effect. Last-resort users can never access a RoamAbout Switch in
administrative mode and never require a password.