3com WX2200 3CRWX220095A Manual Do Utilizador

240

HAPTER

8: AAA C

OMMANDS

History —Introduced in MSS Version 3.0.

The syntax descriptions for the set authentication commands are
separated for clarity. However, the options and behavior for the set
authentication admin command are the same as in previous releases.

Usage — You can configure different authentication methods for
different groups of users. (For details, see “User Globs, MAC Address
Globs, and VLAN Globs” on page 30.)

If you specify multiple authentication methods in the set authentication
console command, MSS applies them in the order that they appear in
the command, with these results:

If the first method responds with pass or fail, the evaluation is final.

If the first method does not respond, MSS tries the second method, and
so on.

However, if local appears first, followed by a RADIUS server group, MSS
ignores any failed searches in the local WX database and sends an
authentication request to the RADIUS server group.

If a AAA rule specifies local as a secondary AAA method, to be used if the
RADIUS servers are unavailable, and MSS authenticates a client with the
local method, MSS starts again at the beginning of the method list when
attempting to authorize the client. This can cause unexpected delays
during client processing and can cause the client to time out before
completing logon.

Examples — The following command configures administrator Jose,
who connects via Telnet, for authentication on RADIUS server group sg3:

WX4400# set authentication admin Jose sg3

success: change accepted.

display aaa on page 229

set authentication console on page 241

set authentication dot1x on page 243

set authentication mac on page 247