Filter
Top Products
Configuring Web-based AAA for administrative and local access 77
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Setting user passwords
Like usernames, passwords are not case-sensitive. To make passwords secure, make sure they contain uppercase and
lowercase letters and numbers. Nortel recommends that all users create passwords that are memorable to themselves,
difficult for others to guess, and not subject to a dictionary attack.
User passwords are automatically encrypted when entered in the local database. However, the encryption is not strong. It
is designed only to discourage someone looking over your shoulder from memorizing your password as you display the
configuration. To maintain security, WSS Software displays only the encrypted form of the password in show
commands.
Adding and clearing local users for Administrative Access
Usernames and passwords can be stored locally on the WSS. Nortel recommends that you enforce console authentication
after the initial configuration to prevent anyone with unauthorized access to the console from logging in. The local
database on the WSS is the simplest way to store user information in a Nortel system.
To configure a user in the local database, type the following command:
set user username password [encrypted] password
For example, to configure user Jose with the password spRin9 in the local database on the WSS, type the following
command:
WSS# set user Jose password spRin9
success: User Jose created
The encrypted option indicates that the password string you are entering is the encrypted form of the password. Use this
option only if you do not want WSS Software to encrypt the password for you.
To clear a user from the local database, type the following command:
clear user username
Configuring accounting for administrative users
Accounting allows you to track network resources. Accounting records can be updated for three important events: when
the user is first connected, when the user roams from one AP to another, and when the user terminates his or her session.
The default for accounting is off.
To configure accounting for administrative logins, use the following command:
set accounting {admin | console} {user-wildcard} {start-stop | stop-only} method1 [method2]
[method3] [method4]
Note. Although WSS Software allows you to configure a user password for the special
“last-resort” guest user, the password has no effect. Last-resort users can never access a
WSS in administrative mode and never require a password.