Operation Manual

ManualsBrandsTrapeze smart mobile ManualsSoftwareMobility System Software 7.3

161

162

163

164

165

166

167

168

169

170

AAA Commands

Mobility System Software Command Reference Guide

Version 7.3

9 – 164

Usage

Use this command to configure MSS to send an Accounting-On message (Acct-Status-Type

= 7) to a RADIUS server when the MX switch starts, and an Accounting-Off message

(Acct-Status-Type = 8) to the RADIUS server when the MX switch is adminstratively shut down.

When you enable this command, an Accounting-On message is generated and sent to the specified

server or server group. Subsequent Accounting-On messages are generated each time the MX

starts. When the MX is administratively shut down, an Accounting-Off message is generated.

Accounting-Off messages are sent only when the MX is administratively shut down, not when a

critical failure causes the MX to reset. The MX does not wait for a RADIUS server to acknowledge

the Accounting-Off message; the MX makes one attempt to send the Accounting-Off message, then

shuts down.

Examples

The following command causes Accounting-On and Accounting-Off messages to be sent

to RADIUS server group shorebirds:

MX# set accounting system shorebirds

success: change accepted.

See Also

● clear accounting on page 9-148

● show accounting statistics on page 9-199

set authentication admin

Configures authentication and defines where it is performed for specified users with

administrative access through Telnet or Web View.

Syntax

set authentication admin user-glob

method1 [method2] [method3] [method4]

user-glob Single user or set of users with administrative access over the network through

Telnet or Web View.

Specify a username, use the double-asterisk wildcard character (**) to specify all

usernames, or use the single-asterisk wildcard character (*) to specify a set of

usernames up to or following the first delimiter character—either an at sign (@) or a

period (.). (For details, see “User Globs” on page 2–7.)

method1

method2

method3

method4

At least one of up to four methods that MSS uses to handle authentication. Specify

one or more of the following methods in priority order. MSS applies multiple

methods in the order you enter them.

A method can be one of the following:

❑ local—Uses the local database of usernames and user groups on the MX switch

for authentication.

❑ server-group-name—Uses the defined group of RADIUS servers for

authentication. You can enter up to four names of existing RADIUS server

groups as methods.

❑ none—For users with administrative access only, MSS performs no

authentication, but prompts for a username and password and accepts any

combination of entries, including blanks.

❑ ldap_group_name —Uses the defined group of LDAP servers for authentication.

You can configure up to four LDAP server groups.

Note: The authentication method none you can specify for administrative access is

different from the fallthru authentication type none, which applies only to network

access. The authentication method none allows access to the MX switch by an

administrator. The fallthru authentication type none denies access to a network

user. (See “set service-profile [rsn-id | wpa-ie] auth-fallthru” on page 12–

287.)

For more information, see “Usage.”