AAA Commands 193Nortel WLAN—Security Switch 2300 Series Command Line ReferenceDefaults By default, authentication is deactivated for all admin users. The default authentication method inan admin authentication rule is local. WSS Software checks the local WSS database for authentication.Access Enabled..Usage You can configure different authentication methods for different groups of users. (For details, see“User Wildcards, MAC Address Wildcards, and VLAN Wildcards” on page 12.)If you specify multiple authentication methods in the set authentication console command, WSS Software applies themin the order in which they appear in the command, with these results:• If the first method responds with pass or fail, the evaluation is final.• If the first method does not respond, WSS Software tries the second method, and so on.• However, if local appears first, followed by a RADIUS server group, WSS Software ignores any failed searches inthe local WSS database and sends an authentication request to the RADIUS server group.Examples The following command configures administrator Jose, who connects via Telnet, forauthentication on RADIUS server group sg3:WSS# set authentication admin Jose sg3success: change accepted.See Also• clear authentication admin on page 167• set authentication console on page 183• set authentication dot1x on page 185• set authentication mac on page 189• set authentication web on page 191• show aaa on page 210set authentication consoleConfigures authentication and defines where it is performed for specified users with administrative access through aconsole connection.Note. The syntax descriptions for the set authentication commands have beenseparated for clarity. However, the options and behavior for the set authentication admincommand are the same as in previous releases.Note. If a AAA rule specifies local as a secondary AAA method, to be used if theRADIUS servers are unavailable, and WSS Software authenticates a client with the localmethod, WSS Software starts again at the beginning of the method list when attempting toauthorize the client. This can cause unexpected delays during client processing and cancause the client to time out before completing logon.