Nortel Networks NN47250-500 User Manual
74 Configuring Web-based AAA for administrative and local access
NN47250-500 (Version 03.01)
4
Enabled mode. To enter the enabled mode of operation, you type the enable command at the
command prompt. In enabled mode, you can use all CLI commands. Although WSS Software
does not require an enable password, Nortel highly recommends that you set one.
command prompt. In enabled mode, you can use all CLI commands. Although WSS Software
does not require an enable password, Nortel highly recommends that you set one.
5
Customized authentication. You can require authentication for all users or for only a subset of
users. Username wildcards (see
users. Username wildcards (see
) allows different users or classes of user to be given different
authentication treatments. You can configure console authentication and Telnet authentication
separately, and you can apply different authentication methods to each.
separately, and you can apply different authentication methods to each.
For any user, authorization uses the same method(s) as authentication for that user.
6
Local override. A special authentication technique called local override lets you attempt
authentication via the local database before attempting authentication via a RADIUS server.
The WSS attempts administrative authentication in the local database first. If it finds no match,
the WSS attempts administrative authentication on the RADIUS server. (For information about
setting a WSS to use RADIUS servers, see
authentication via the local database before attempting authentication via a RADIUS server.
The WSS attempts administrative authentication in the local database first. If it finds no match,
the WSS attempts administrative authentication on the RADIUS server. (For information about
setting a WSS to use RADIUS servers, see
7
Accounting for administrative access sessions. Accounting records can be stored and
displayed locally or sent to a RADIUS server. Accounting records provide an audit trail of the
time an administrative user logged in, the administrator’s username, the number of bytes
transferred, and the time the session started and ended.
displayed locally or sent to a RADIUS server. Accounting records provide an audit trail of the
time an administrative user logged in, the administrator’s username, the number of bytes
transferred, and the time the session started and ended.
illustrates a typical WSS, APs, and network administrator in an enterprise network. As network
administrator, you initially access the WSS via the console. You can then optionally configure authentication,
authorization, and accounting for administrative access mode.
authorization, and accounting for administrative access mode.
Nortel recommends enforcing authentication for administrative access using usernames and passwords stored
either locally or on RADIUS servers.
either locally or on RADIUS servers.