57
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Administrative and Local Access
Setting User Passwords
Like usernames, passwords are case-sensitive. To make passwords secure, make sure
they contain uppercase and lowercase letters and numbers. D-Link recommends that all
users create passwords that are memorable to themselves, difficult for others to guess,
and not subject to a dictionary attack.
User passwords are automatically encrypted when entered in the local database. However,
the encryption is not strong. It is designed only to discourage someone looking over your
shoulder from memorizing your password as you display the configuration. To maintain
security, MSS displays only the encrypted form of the password in
show
commands.
Adding and Clearing Local Users for Administrative Access
Usernames and passwords can be stored locally on the DWS-1008 switch. D-Link
recommends that you enforce console authentication after the initial configuration to prevent
anyone with unauthorized access to the console from logging in. The local database on
the DWS-1008 switch is the simplest way to store user information in a D-Link system. To
configure a user in the local database, type the following command:
set user
username
password
password
Note.
Although MSS allows you to configure a user password for the special “last-resort”
guest user, the password has no effect. Last-resort users can never access a DWS-1008 in
administrative mode and never require a password.
For example, to configure user Jose with the password
spRin9
in the local database on the
DWS-1008 switch, type the following command:
DWS-1008#
set user Jose password spRin9
success: User Jose created
To clear a user from the local database, type the following command:
clear user
username
Configuring Accounting for Administrative Users
Accounting allows you to track network resources. Accounting records can be updated for
three important events: when the user is first connected, when the user roams from one
DWL-8220AP access point to another, and when the user terminates his or her session. The
default for accounting is
off
.
To configure accounting for administrative logins, use the following command:
set accounting
{
admin
|
console
} {
user-glob
} {
start-stop
|
stop-only
}
method1
[
method2
] [
method3
] [
method4
]
To configure accounting for administrative logins over the network at
EXAMPLE
, enter the
Summary of Contents for DWS-1008
Page 1: ......