Configuring AAA for Administrative and Local Access

Local Override and Backup Local Authentication

This scenario illustrates how to enable local override authentication for console users. Local override means that WSS Software attempts authentication first through the local database. If it finds no match for the user in the local database, WSS Software then tries a RADIUS server—in this case, server r1 in server group sg1. Natasha types the following commands in this order:

23x0# set user natasha password m@Jor

User natasha created

23x0# set radius server r1 address 192.168.253.1 key sunFLOW#$

success: change accepted.

23x0# set server group sg1 members r1

success: change accepted.

23x0# set authentication console * local sg1

success: change accepted.

23x0# save config

success: configuration saved.

Natasha also enables backup RADIUS authentication for Telnet administrative users. If the RADIUS server does not respond, the user is authenticated by the local database in the WSS switch. Natasha types the following commands:

23x0# set authentication admin * sg1 local

success: change accepted.

23x0# save config

success: configuration saved.

The order in which Natasha enters authentication methods in the set authentication command determines the method WSS Software attempts first. The local database is the first method attempted for console users and the last method attempted for Telnet administrators.
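The following Python model is an added illustration, not Nortel code or part of the original guide. It walks the two method lists from this page in order to show where each login is decided. Assumptions: the function and variable names, the ops1 account, first-match rule selection, and the treatment of a wrong password or a RADIUS reject as final.

```python
import fnmatch
import hmac

# The two method lists entered on this page (prompt and output stripped).
CONFIG = """\
set authentication console * local sg1
set authentication admin * sg1 local
"""

def parse_rules(config):
    """Return [(access_type, user_glob, [methods])] from 'set authentication' lines."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "authentication"] and len(tok) >= 5:
            rules.append((tok[2], tok[3], tok[4:]))
    return rules

def _pw_ok(stored, given):
    # Constant-time comparison; a missing account never matches.
    return stored is not None and hmac.compare_digest(stored.encode(), given.encode())

def authenticate(rules, access, user, password, local_db, radius):
    """Try each method in configured order; return (accepted, deciding_method).

    radius maps a server group name to its user table, or to None when the
    group is not responding. Assumption (not stated on the page): a wrong
    password for a matched local user, or a reject from a responding RADIUS
    server, is final and does not fall through to the next method.
    """
    for rule_access, glob, methods in rules:
        if rule_access != access or not fnmatch.fnmatchcase(user, glob):
            continue
        for method in methods:
            if method == "local":
                if user not in local_db:
                    continue  # no local match: try the next method
                return _pw_ok(local_db[user], password), "local"
            table = radius.get(method)
            if table is None:
                continue  # server group did not respond: try the next method
            return _pw_ok(table.get(user), password), method
        break  # assumption: the first matching rule decides
    return False, None

RULES = parse_rules(CONFIG)
LOCAL_DB = {"natasha": "m@Jor"}                  # user created on this page
RADIUS_UP = {"sg1": {"ops1": "constructed-pw"}}  # constructed sample account
RADIUS_DOWN = {"sg1": None}                      # r1 not responding
```

With r1 down, a Telnet login for natasha is decided by the local database, while a console login for a RADIUS-only user has no method left to accept it.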

Nortel WLAN Security Switch 2300 Series Configuration Guide
