3com WXR100 3CRWXR10095A User Manual

C

HAPTER

 3: C

ONFIGURING

 AAA 

FOR

 A

DMINISTRATIVE

 

AND

 L

OCAL

 A

CCESS

This scenario illustrates how to enable local override authentication for 
console users. Local override means that MSS attempts authentication 
first via the local database. If it finds no match for the user in the local 
database, MSS then tries a RADIUS server—in this case, server r1 in server 
group sg1. Natasha types the following commands in this order: 

WX1200# set user natasha password m@Jor
User natasha created
WX1200# set radius server r1 address 192.168.253.1 key sunFLOW#$
success: change accepted.
WX1200# set server group sg1 members r1
success: change accepted.
WX1200# set authentication console * local sg1
success: change accepted.
WX1200# save config
success: configuration saved.

Natasha also enables backup RADIUS authentication for Telnet 
administrative users. If the RADIUS server does not respond, the user is 
authenticated by the local database in the WX switch. Natasha types the 
following commands:

WX1200# set authentication admin * sg1 local
success: change accepted.
WX1200# save config
success: configuration saved.

The order in which Natasha enters authentication methods in the set 
authentication command determines the method MSS attempts first. 
The local database is the first method attempted for console users and 
the last method attempted for Telnet administrators.