84 Configuring Web-based AAA for administrative and local access
NN47250-500 (Version 03.01)

Adding and clearing local users for Administrative Access

Usernames and passwords can be stored locally on the WSS. Nortel recommends that you enforce console authentication
after the initial configuration to prevent anyone with unauthorized access to the console from logging in. The local
database on the WSS is the simplest way to store user information in a Nortel system.
To configure a user in the local database, type the following command:
set user username password [encrypted] password
For example, to configure user Jose with the password spRin9 in the local database on the WSS, type the following
command:
WSS# set user Jose password spRin9
success: User Jose created
The encrypted option indicates that the password string you are entering is the encrypted form of the password. Use this
option only if you do not want WSS Software to encrypt the password for you.
To clear a user from the local database, type the following command:
clear user username

Configuring accounting for administrative users

Accounting allows you to track network resources. Accounting records can be updated for three important events: when
the user is first connected, when the user roams from one AP to another, and when the user terminates his or her session.
The default for accounting is off.
To configure accounting for administrative logins, use the following command:
set accounting {admin | console} {user-wildcard} {start-stop | stop-only} method1 [method2]
[method3] [method4]
To configure accounting for administrative logins over the network at EXAMPLE, enter the following command:
set accounting admin EXAMPLE\* start-stop | stop-only aaa-method
You can select either start-stop or stop-only accounting modes. The stop-only mode sends only stop records, whereas
start-stop sends both start and stop records, effectively doubling the number of accounting records. In most cases,
stop-only is entirely adequate for administrative accounting, because a stop record contains all the information you
might need about a session.
In the set accounting command, you must include Web-based AAA methods that specify whether to use the local
database or RADIUS server to receive the accounting records. Specify local, which causes the processing to be done on
the WSS, or specify a RADIUS server group. For information about configuring a RADIUS server group, see “Config-
uring RADIUS server groups” on page 639.
For example, you can set accounting for administrative users using the start-stop mode via the local database:
WSS# set accounting admin EXAMPLE\* start-stop local
success: change accepted.