Operation Manual

AAA Commands
9 – 165
Defaults
By default, authentication is deactivated for all admin users. The default authentication
method in an admin authentication rule is local. MSS checks the local MX database for
authentication.
Access
Enabled.
History
MSS 1.0    Command introduced.
MSS 7.1    LDAP added as an authentication method.
Usage
You can configure different authentication methods for different groups of users. (For
details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 2–7.)
If you specify multiple authentication methods in the set authentication console command,
MSS applies them in the order that they appear in the command, with these results:
- If the first method responds with pass or fail, the evaluation is final.
- If the first method does not respond, MSS tries the second method, and so on.
However, if local appears first, followed by a RADIUS server group, MSS ignores any failed
searches in the local MX database and sends an authentication request to the RADIUS server
group.
Examples
The following command configures administrator Jose, who connects via Telnet, for
authentication on RADIUS server group sg3:
MX# set authentication admin Jose sg3
success: change accepted.
See Also
clear authentication admin on page 9-149
set authentication console on page 9-165
set authentication dot1x on page 9-167
set authentication mac on page 9-170
set authentication web on page 9-174
show aaa on page 9-190
set authentication console
Configures authentication and defines where it is performed for specified users with
administrative access through a console connection.
Note:
The syntax descriptions for the set authentication commands are separated for
clarity. However, the options and behavior for the set authentication admin
command are the same as in previous releases.
Note:
If a AAA rule specifies local as a secondary AAA method, to be used if the RADIUS
servers are unavailable, and MSS authenticates a client with the local method, MSS
starts again at the beginning of the method list when attempting to authorize the
client. This can cause unexpected delays during client processing and can cause the
client to time out before completing logon.
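The method-order rules under Usage and the restart described in the Note above, modelled in Python as an added example; this is not MSS code. It assumes every method name other than local is a RADIUS server group and that authorization walks the list with the same rules as authentication; the response maps and the timeout value are constructed.

```python
# Added illustration, not MSS code. Assumptions: every method other than
# "local" is a RADIUS server group; authorization reuses the same walk.
PASS, FAIL, NO_RESPONSE = "pass", "fail", "no-response"


def evaluate(methods, responses):
    """Walk the method list in command order.

    methods   -- names as typed in the rule, e.g. ["local", "sg3"]
    responses -- constructed map: method name -> PASS / FAIL / NO_RESPONSE
    Returns (result, deciding_method, methods_tried).
    """
    tried = []
    for index, method in enumerate(methods):
        answer = responses.get(method, NO_RESPONSE)
        tried.append(method)
        if answer == PASS:
            return PASS, method, tried
        if answer == FAIL:
            # Exception: a failed local lookup is ignored when local is
            # first and a RADIUS server group follows it.
            followed = index == 0 and len(methods) > 1 and methods[1] != "local"
            if method == "local" and followed:
                continue
            return FAIL, method, tried  # pass or fail is final
        # No response: try the next method.
    # The page does not say what happens when nothing answers; report it.
    return NO_RESPONSE, None, tried


def logon_wait(methods, responses, timeout_s):
    """Seconds spent on unresponsive methods across authentication and
    authorization, each starting at the head of the list (per the Note)."""
    waited = 0
    for _phase in ("authentication", "authorization"):
        _, _, tried = evaluate(methods, responses)
        waited += timeout_s * sum(
            responses.get(m, NO_RESPONSE) == NO_RESPONSE for m in tried)
    return waited


if __name__ == "__main__":
    radius_down = {"sg3": NO_RESPONSE, "local": PASS}  # constructed
    print(evaluate(["sg3", "local"], radius_down))
    print(evaluate(["local", "sg3"], {"local": FAIL, "sg3": PASS}))
    print(evaluate(["sg3", "local"], {"sg3": FAIL, "local": PASS}))
    print(logon_wait(["sg3", "local"], radius_down, timeout_s=5))  # constructed timeout
```

With sg3 unresponsive and local second, the wait is paid once per pass, which is the delay the Note describes; with sg3 first and answering fail, the local database is never consulted.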