Specifications
set authentication admin
Chapter 9
AAA Commands
205
Defaults
By default, authentication is deactivated for all admin users. The default
authentication method in an admin authentication rule is local. UNIVERGE WL
Control System checks the local UNIVERGE WL Controller database for
authentication.
Access
Enabled.
Usage
You can configure different authentication methods for different groups
of users. (For details, see “User Globs, MAC Address Globs, and VLAN Globs”
on page 9.)
If you specify multiple authentication methods in the set authentication console
command, UNIVERGE WL Control System applies them in the order that they
appear in the command, with these results:
l If the first method responds with pass or fail, the evaluation is final.
l If the first method does not respond, UNIVERGE WL Control System tries
the second method, and so on.
l However, if local appears first, followed by a RADIUS server group,
UNIVERGE WL Control System ignores any failed searches in the local
UNIVERGE WL Controller database and sends an authentication request to
the RADIUS server group.
Examples
The following command configures administrator Jose, who connects
via Telnet, for authentication on RADIUS server group sg3:
PROMPT# set authentication admin Jose sg3
success: change accepted.
Note. The syntax descriptions for the set authentication commands are
separated for clarity. However, the options and behavior for the set
authentication admin command are the same as in previous releases.
Note. If a AAA rule specifies local as a secondary AAA method, to be used if
the RADIUS servers are unavailable, and UNIVERGE WL Control System
authenticates a client with the local method, UNIVERGE WL Control System
starts again at the beginning of the method list when attempting to authorize
the client. This can cause unexpected delays during client processing and can
cause the client to time out before completing logon.