Open as PDF
58 CHAPTER 3: CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS
The authentication method none you can specify for administrative
access is different from the fallthru authentication type None, which
applies only to network access. The authentication method none allows
access to the WX switch by an administrator. The fallthru authentication
type None denies access to a network user. (For information about the
fallthru authentication types, see “Authentication Algorithm” on
with “Globs” and
“Globbing” lets you classify users by username or media access control
(MAC) address for different AAA treatments. A user glob is a string,
possibly containing wildcards, for matching AAA and IEEE 802.1X
authentication methods to a user or set of users. The WX switch supports
the following wildcard characters for user globs:
Single asterisk (*) matches the characters in a username up to but not
including a separator character, which can be an at (@) sign or a
Double asterisk (**) matches all usernames.
In a similar fashion, MAC address globs match authentication methods to
a MAC address or set of MAC addresses. For details, see “User Globs,
MAC Address Globs, and VLAN Globs” on page 30.
A user group is a named collection of users or MAC addresses sharing a
common authorization policy. For example, you might group all users on
the first floor of building 17 into the group bldg-17-1st-floor, or group all
users in the IT group into the group infotech-people. Individual user
entries override group entries if they both configure the same attribute.
(For information about configuring users and user groups, see “Adding
and Clearing Local Users for Administrative Access” on page 59.)
Like usernames, passwords are case-sensitive. To make passwords secure,
make sure they contain uppercase and lowercase letters and numbers. 3Com
recommends that all users create passwords that are memorable to
themselves, difficult for others to guess, and not subject to a dictionary attack.
User passwords are automatically encrypted when entered in the local
database. However, the encryption is not strong. It is designed only to
discourage someone looking over your shoulder from memorizing your
password as you display the configuration. To maintain security, MSS
displays only the encrypted form of the password in display commands.