3Com WX2200 3CRWX220095A Switch User Manual


 
64 CHAPTER 3: CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS
Local Override and
Backup Local
Authentication
This scenario illustrates how to enable local override authentication for
console users. Local override means that MSS attempts authentication
first via the local database. If it finds no match for the user in the local
database, MSS then tries a RADIUS server—in this case, server r1 in server
group sg1. Natasha types the following commands in this order:
WX1200# set user natasha password m@Jor
User natasha created
WX1200# set radius server r1 address 192.168.253.1 key sunFLOW#$
success: change accepted.
WX1200# set server group sg1 members r1
success: change accepted.
WX1200# set authentication console * local sg1
success: change accepted.
WX1200# save config
success: configuration saved.
Natasha also enables backup RADIUS authentication for Telnet
administrative users. If the RADIUS server does not respond, the user is
authenticated by the local database in the WX switch. Natasha types the
following commands:
WX1200# set authentication admin * sg1 local
success: change accepted.
WX1200# save config
success: configuration saved.
The order in which Natasha enters authentication methods in the set
authentication command determines the method MSS attempts first.
The local database is the first method attempted for console users and
the last method attempted for Telnet administrators.