Configuring Web-based AAA for administrative and local access 77Nortel WLAN—Security Switch 2300 Series Configuration GuideSetting user passwordsLike usernames, passwords are not case-sensitive. To make passwords secure, make sure they contain uppercase andlowercase letters and numbers. Nortel recommends that all users create passwords that are memorable to themselves,difficult for others to guess, and not subject to a dictionary attack.User passwords are automatically encrypted when entered in the local database. However, the encryption is not strong. Itis designed only to discourage someone looking over your shoulder from memorizing your password as you display theconfiguration. To maintain security, WSS Software displays only the encrypted form of the password in showcommands.Adding and clearing local users for Administrative AccessUsernames and passwords can be stored locally on the WSS. Nortel recommends that you enforce console authenticationafter the initial configuration to prevent anyone with unauthorized access to the console from logging in. The localdatabase on the WSS is the simplest way to store user information in a Nortel system.To configure a user in the local database, type the following command:set user username password [encrypted] passwordFor example, to configure user Jose with the password spRin9 in the local database on the WSS, type the followingcommand:WSS# set user Jose password spRin9success: User Jose createdThe encrypted option indicates that the password string you are entering is the encrypted form of the password. Use thisoption only if you do not want WSS Software to encrypt the password for you.To clear a user from the local database, type the following command:clear user usernameConfiguring accounting for administrative usersAccounting allows you to track network resources. Accounting records can be updated for three important events: whenthe user is first connected, when the user roams from one AP to another, and when the user terminates his or her session.The default for accounting is off.To configure accounting for administrative logins, use the following command:set accounting {admin | console} {user-wildcard} {start-stop | stop-only} method1 [method2][method3] [method4]Note. Although WSS Software allows you to configure a user password for the special“last-resort” guest user, the password has no effect. Last-resort users can never access aWSS in administrative mode and never require a password.