3Com WX2200 3CRWX220095A Switch User Manual


 
3
CONFIGURING AAA FOR
ADMINISTRATIVE AND LOCAL
ACCESS
3Com Mobility System Software (MSS) supports authentication,
authorization, and accounting (AAA) for secure network connections. As
administrator, you must establish administrative access for yourself and
optionally other local users before you can configure the WX for
operation.
Overview Here is an overview of configuration topics:
1 Console connection. By default, any administrator can connect to the
console port and manage the switch, because no authentication is
enforced. (3Com recommends that you enforce authentication on the
console port after initial connection.)
2 Telnet or SSH connection. Administrators cannot establish a Telnet or
Secure Shell (SSH) connection to the WX by default. To provide Telnet or
SSH access, you must add a username and password entry to the local
database or, optionally, set the authentication method for Telnet users to
a Remote Authentication Dial-In User Service (RADIUS) server.
A CLI Telnet connection to the WX is not secure, unlike SSH, 3WXM and
Web Manager connections. (For details, see Chapter 20, “Managing Keys
and Certificates,” on page 413.)
3 Restricted mode. When you initially connect to the WX, your mode of
operation is restricted. In this mode, only a small subset of status and
monitoring commands is available. Restricted mode is useful for
administrators with basic monitoring privileges who are not allowed to
change the configuration or run traces.
4 Enabled mode. To enter the enabled mode of operation, you type the
enable command at the command prompt. In enabled mode, you can
use all CLI commands. Although MSS does not require an enable
password, 3Com highly recommends that you set one.