Operation Manual

AAA Commands
If the username does not match an authentication rule for the SSID the user is attempting to
access, MSS uses the fallthru authentication type configured for the SSID, which can be
last-resort, web-portal (for WebAAA), or none.
Examples
To use the local MX database to authenticate all users who access the mycorp2 SSID by
their MAC address, type the following command:
MX# set authentication ssid mycorp2 mac ** local
success: change accepted.
See Also
clear authentication mac on page 9-151
set authentication admin on page 9-164
set authentication console on page 9-165
set authentication dot1x on page 9-167
set authentication web on page 9-174
show aaa on page 9-190
set authentication mac-prefix
Specifies the MAC address prefix for SSID authentication.
Syntax
set authentication mac-prefix {ssid [ ssid | any]} wired mac-glob
Defaults
None
Access
Enabled.
History
Introduced in MSS Version 7.0.
Usage
You can configure different authentication methods for different groups of MAC addresses
by “globbing.” (For details, see “User Globs, MAC Address Globs, and VLAN Globs” on
page 2–7.)
Examples
To set the MAC address glob for authenticating an SSID, use the following command:
MX# set authentication mac-prefix ssid any 00:00*
success: change accepted.
set authentication max-attempts
Specifies the maximum number of login attempts users can make before being locked out of the
system.
Syntax
set authentication max-attempts number
Defaults
For Telnet or SSH sessions, a maximum of 4 failed login attempts is allowed by default.
For console or network sessions, an unlimited number of failed login attempts is allowed by
default.
Access
Enabled.
History
Introduced in MSS 6.0.
Usage
Use this command to specify the maximum number of failed login attempts allowed for a
user. If the user is unable to log in within the specified number of attempts, the user is locked out
of the system, and access must be manually restored with the clear user lockout command.
number    Number of allowable login attempts for a user. You can specify a
          number between 0 – 1000. Specifying 0 causes the number of allowable
          login attempts to reset to the default values.
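The following Python script is an added example, not part of this manual or of MSS. It audits a saved list of configuration commands for the lockout behavior described above and reports session types that have no failed-login limit. It assumes the configuration is a list of set commands in the form shown on this page, that the last valid max-attempts command wins, and that a configured value applies to every session type; the sample configurations are constructed.

```python
import re

# Defaults stated on this page: 4 failed attempts for Telnet/SSH,
# unlimited (None) for console and network sessions.
DEFAULTS = {"telnet": 4, "ssh": 4, "console": None, "network": None}
CMD = re.compile(r"^\s*set\s+authentication\s+max-attempts\s+(\S+)\s*$")

# Constructed sample configurations (not taken from a real MX).
SAMPLE_DEFAULT = ["set authentication ssid mycorp2 mac ** local"]
SAMPLE_HARDENED = SAMPLE_DEFAULT + ["set authentication max-attempts 5"]
SAMPLE_RESET = ["set authentication max-attempts 5",
                "set authentication max-attempts 0"]


def effective_limits(config_lines):
    """Return ({session_type: limit or None}, [problems]) for a config."""
    configured, problems = None, []
    for lineno, line in enumerate(config_lines, 1):
        m = CMD.match(line)
        if not m:
            continue
        arg = m.group(1)
        valid = arg.isascii() and arg.isdigit() and 0 <= int(arg) <= 1000
        if not valid:
            problems.append(f"line {lineno}: value {arg!r} outside 0-1000")
            continue
        # 0 resets to the defaults. Assumption: the last valid command wins.
        configured = int(arg) or None
    if configured is None:
        return dict(DEFAULTS), problems
    # Assumption: an explicit value applies to every session type.
    return {session: configured for session in DEFAULTS}, problems


def audit(config_lines):
    """List findings: invalid values, then session types with no lockout."""
    limits, findings = effective_limits(config_lines)
    for session, limit in limits.items():
        if limit is None:
            findings.append(f"{session}: unlimited failed logins, no lockout")
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT", "SAMPLE_HARDENED", "SAMPLE_RESET"):
        print(name, audit(globals()[name]) or "ok")
```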