Configuring AAA for Administrative and Local Access 63

Adding and Clearing Local Users for Administrative Access

Usernames and passwords can be stored locally on the WSS switch. Nortel recommends that you enforce console authentication after the initial configuration to prevent anyone with unauthorized access to the console from logging in. The local database on the WSS switch is the simplest way to store user information in a Nortel system.

To configure a user in the local database, type the following command:

set user username password password

For example, to configure user Jose with the password spRin9 in the local database on the WSS, type the following command:

23x0# set user Jose password spRin9

success: User Jose created

To clear a user from the local database, type the following command:

clear user username

Configuring Accounting for Administrative Users

Accounting allows you to track network resources. Accounting records can be updated for three important events: when the user is first connected, when the user roams from one access point (AP) to another, and when the user terminates his or her session. The default for accounting is off.

To configure accounting for administrative logins, use the following command:

set accounting {admin | console} {user-wildcard} {start-stop | stop-only} method1 [method2] [method3] [method4]

To configure accounting for administrative logins over the network at EXAMPLE, enter the following command:

set accounting admin EXAMPLE\* {start-stop | stop-only} aaa-method

You can select either start-stop or stop-only accounting modes. The stop-only mode sends only stop records, whereas start-stop sends both start and stop records, effectively doubling the number of accounting records. In most cases, stop-only is entirely adequate for administrative accounting, because a stop record contains all the information you might need about a session.

In the set accounting command, you must include AAA methods that specify whether to use the local database or a RADIUS server to receive the accounting records. Specify local, which causes the processing to be done on the WSS switch, or specify a RADIUS server group. For information about configuring a RADIUS server group, see “Configuring RADIUS Server Groups” on page 483.

For example, you can set accounting for administrative users using the start-stop mode through the local database:

23x0# set accounting admin EXAMPLE\* start-stop local

success: change accepted.

The accounting records show the date and time of activity, the user’s status and name, and other attributes. The show accounting statistics command displays accounting records for administrative users after they have logged in to the WSS switch.
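An added example, not from the Nortel guide: a small Python check that parses `set accounting` lines using the syntax shown above, rejects malformed ones (including both mode keywords on one line), and reports access types left without accounting. The configuration text and the server group name `sg1` are constructed, and reading the commands from a text dump is an assumption.

```python
ACCESS_TYPES = ("admin", "console")
MODES = ("start-stop", "stop-only")

def parse_accounting(line):
    """Return a rule dict for a 'set accounting' line, None for other lines."""
    tokens = line.split("# ", 1)[-1].split()   # drop a leading CLI prompt
    if tokens[:2] != ["set", "accounting"]:
        return None
    if len(tokens) < 6:
        raise ValueError("need access type, user-wildcard, mode and a method")
    access, wildcard, mode, methods = tokens[2], tokens[3], tokens[4], tokens[5:]
    if access not in ACCESS_TYPES:
        raise ValueError(f"unknown access type {access!r}")
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if len(methods) > 4:
        raise ValueError("at most four methods are allowed")
    if any(m in MODES for m in methods):
        raise ValueError("mode keyword given as a method; choose one mode")
    return {"access": access, "wildcard": wildcard, "mode": mode, "methods": methods}

def audit(config_text):
    """Return (rules, findings) for the accounting commands in config_text."""
    rules, findings = [], []
    for n, line in enumerate(config_text.splitlines(), 1):
        try:
            rule = parse_accounting(line)
        except ValueError as err:
            findings.append(f"line {n}: rejected: {err}")
            continue
        if rule is None:
            continue
        rules.append(rule)
        if rule["methods"] == ["local"]:
            findings.append(f"line {n}: {rule['access']} records are processed only on the switch (local)")
    for access in ACCESS_TYPES:
        if not any(r["access"] == access for r in rules):
            findings.append(f"{access}: no accounting rule, accounting stays off (default)")
    return rules, findings

# Constructed sample configuration; sg1 is a hypothetical RADIUS server group.
SAMPLE = r"""
set user Jose password spRin9
set accounting admin EXAMPLE\* start-stop local
set accounting admin EXAMPLE\* start-stop stop-only sg1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```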

Nortel WLAN Security Switch 2300 Series Configuration Guide
