Operation Manual

AAA Commands
Mobility System Software Command Reference Guide
Version 7.3
9 – 166
Syntax
set authentication console user-glob method1 [method2] [method3] [method4]
Defaults
By default, authentication is deactivated for all console users, and the default
authentication method in a console authentication rule is none. MSS requires no username or
password, by default. These users can press Enter at the prompts for administrative access.
Access
Enabled.
History
Introduced in MSS 1.0.
Usage
You can configure different authentication methods for different groups of users. (For
details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 2–7.)
user-glob
    Single user or set of users with administrative access through
    the switch’s console.
    Specify a username, use the double-asterisk wildcard character
    (**) to specify all usernames, or use the single-asterisk wildcard
    character (*) to specify a set of usernames up to or following the
    first delimiter character—either an at sign (@) or a period (.).
    (For details, see “User Globs” on page 2–7.)

method1 method2 method3 method4
    At least one of up to four methods that MSS uses to handle
    authentication. Specify one or more of the following methods in
    priority order. MSS applies multiple methods in the order you
    enter them.
    A method can be one of the following:
        local—Uses the local database of usernames and user
        groups on the MX switch for authentication.
        server-group-name—Uses the defined group of RADIUS
        servers for authentication. You can enter up to four names
        of existing RADIUS server groups as methods.
        none—For users with administrative access only, MSS
        performs no authentication, but prompts for a username
        and password and accepts any combination of entries,
        including blanks.
        ldap_group_name—Uses the defined group of LDAP
        servers for authentication. You can configure up to four
        LDAP server groups.
    Note: The authentication method none you can specify for
    administrative access is different from the fallthru
    authentication type none, which applies only to network
    access. The authentication method none allows access to the
    MX by an administrator. The fallthru authentication type
    none denies access to a network user. (See “set
    service-profile [rsn-id | wpa-ie] auth-fallthru” on
    page 12–287.)
    Note: You must configure an LDAP server group before you
    can use LDAP as an authentication method.
    For more information, see “Usage.”
Note:
It is recommended that you change the default setting unless the MX is in a
secure physical location.
Note:
The syntax descriptions for the set authentication commands are
separated for clarity. However, the options and behavior for the set
authentication console command are the same as in previous releases.
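
An added example, not part of the MSS documentation: a Python check that reads a saved configuration and reports where console access is left open, either because no console rule exists (the default described above) or because a rule lists none as a method. It assumes the configuration stores these rules as set authentication console lines in the syntax shown above; the sample configurations and the server group name rad-admin are constructed.

```python
PREFIX = ["set", "authentication", "console"]

def parse_console_rules(config_text):
    """Return (user_glob, [methods]) for each console authentication rule."""
    rules = []
    for line in config_text.splitlines():
        tokens = line.split()
        # Assumption: one command per line, tokens separated by whitespace.
        if tokens[:3] == PREFIX and len(tokens) >= 4:
            rules.append((tokens[3], tokens[4:]))
    return rules

def audit_console_auth(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    rules = parse_console_rules(config_text)
    if not rules:
        # With no rule, the documented default applies to every console user.
        findings.append("no console rule: default applies, "
                        "console access needs no username or password")
    for glob, methods in rules:
        if not 1 <= len(methods) <= 4:
            findings.append(f"{glob}: expected 1 to 4 methods, "
                            f"found {len(methods)}")
        if "none" in methods:
            position = methods.index("none") + 1
            findings.append(f"{glob}: method {position} is 'none', "
                            "which accepts any username and password")
    return findings

# Constructed sample configurations (not taken from a real switch).
NO_RULE = "# constructed sample with no console rule\n"
WEAK = "set authentication console ** none\n"
MIXED = "set authentication console ** rad-admin none\n"
HARDENED = "set authentication console ** rad-admin local\n"

if __name__ == "__main__":
    samples = [("no rule", NO_RULE), ("weak", WEAK),
               ("mixed", MIXED), ("hardened", HARDENED)]
    for name, cfg in samples:
        print(name, audit_console_auth(cfg) or "ok")
```
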