51Nortel WLAN Security Switch 2300 Series Configuration GuideConfiguring AAA forAdministrative and LocalAccessOverview of AAA for Administrative and Local AccessNortel WLAN 2300 System Software (WSS Software) supports authentication, authorization, and accounting (AAA) forsecure network connections. As administrator, you must establish administrative access for yourself and optionally otherlocal users before you can configure the WSS for operation.Here is an overview of configuration topics:1 Console connection. By default, any administrator can connect to the console port and manage theswitch, because no authentication is enforced. (Nortel recommends that you enforce authentication on theconsole port after initial connection.)2 Telnet or SSH connection. Administrators cannot establish a Telnet or Secure Shell (SSH) connection tothe WSS by default. To provide Telnet or SSH access, you must add a username and password entry tothe local database or, optionally, set the authentication method for Telnet users to a RemoteAuthentication Dial-In User Service (RADIUS) server.3 Restricted mode. When you initially connect to the WSS, your mode of operation is restricted. In thismode, only a small subset of status and monitoring commands is available. Restricted mode is useful forOverview of AAA for Administrative and Local Access . . . . . . . . . . . . . . . . . . . . . . 51Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53About Administrative Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54First-Time Configuration using the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Configuring Accounting for Administrative Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Displaying the AAA Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Saving the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Administrative AAA Configuration Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Note. A CLI Telnet connection to the WSS is not secure, unlike SSH, WLANManagement Software and Web View connections. (For details, see Chapter ,“Managing Keys and Certificates,” on page 379.)