3Com WX2200 3CRWX220095A Switch User Manual


 
58 CHAPTER 3: CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS
The authentication method none you can specify for administrative
access is different from the fallthru authentication type None, which
applies only to network access. The authentication method none allows
access to the WX switch by an administrator. The fallthru authentication
type None denies access to a network user. (For information about the
fallthru authentication types, see “Authentication Algorithm” on
page 435.)
Customizing AAA with “Globs” and Groups
“Globbing” lets you classify users by username or media access control
(MAC) address for different AAA treatments. A user glob is a string,
possibly containing wildcards, for matching AAA and IEEE 802.1X
authentication methods to a user or set of users. The WX switch supports
the following wildcard characters for user globs:
• Single asterisk (*) matches the characters in a username up to but not
  including a separator character, which can be an at (@) sign or a
  period (.).
• Double asterisk (**) matches all usernames.
In a similar fashion, MAC address globs match authentication methods to
a MAC address or set of MAC addresses. For details, see “User Globs,
MAC Address Globs, and VLAN Globs” on page 30.
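The following added example (not from the 3Com manual and not MSS code) models the two user-glob wildcards described above so that an administrator can check which globs a given username falls under before binding authentication methods to them. The function names and the sample globs and usernames are constructed for illustration, and treating ** as "any characters" when it appears inside a longer glob is an assumption that goes beyond what this page states.

```python
import re

SEPARATORS = "@."  # separator characters named on this page


def glob_to_regex(glob):
    """Translate a user glob into a case-sensitive regular expression."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            # ** : matches all usernames (assumed: any run of characters,
            # separators included, when embedded in a longer glob)
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            # * : characters up to but not including an @ or a period
            out.append("[^" + re.escape(SEPARATORS) + "]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))  # literal character
            i += 1
    return re.compile("".join(out))


def glob_matches(glob, username):
    """True if the whole username matches the glob (usernames are case-sensitive)."""
    return glob_to_regex(glob).fullmatch(username) is not None


def matching_globs(globs, username):
    """Return every glob the username matches, to expose overlapping rules."""
    return [g for g in globs if glob_matches(g, username)]


# Constructed sample data, for illustration only.
SAMPLE_GLOBS = ["*@example.com", "*.*@example.com", "*", "**"]
SAMPLE_USERS = ["jose@example.com", "tamara.lee@example.com", "admin"]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(user, "->", matching_globs(SAMPLE_GLOBS, user))
```

Note that *@example.com does not cover tamara.lee@example.com, because the single asterisk stops at the period; a rule set that relies on that glob alone leaves such users to whatever broader glob (here **) also matches.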
A user group is a named collection of users or MAC addresses sharing a
common authorization policy. For example, you might group all users on
the first floor of building 17 into the group bldg-17-1st-floor, or group all
users in the IT group into the group infotech-people. Individual user
entries override group entries if they both configure the same attribute.
(For information about configuring users and user groups, see “Adding
and Clearing Local Users for Administrative Access” on page 59.)
Setting User Passwords
Like usernames, passwords are case-sensitive. To make passwords secure,
make sure they contain uppercase and lowercase letters and numbers. 3Com
recommends that all users create passwords that are memorable to
themselves, difficult for others to guess, and not subject to a dictionary attack.
User passwords are automatically encrypted when entered in the local
database. However, the encryption is not strong. It is designed only to
discourage someone looking over your shoulder from memorizing your
password as you display the configuration. To maintain security, MSS
displays only the encrypted form of the password in display commands.