< Home

Authentication Configuration

Context

Authentication configuration includes configurations of the local and RADIUS authentication modes. If the local authentication mode is used, you must create a user account on the switch and set a password. If the RADIUS authentication mode is used, you must configure the IP address, port number, and shared key of the RADIUS server. If the password configured in local user creation or modification is the same as the default password, security risk exists.

Procedure

  • Configuring local authentication

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > User Access Control in the navigation tree to display the User Access Control page.

    3. Click the Authentication Configuration tab to display the Authentication Configuration page.

    4. Select an option from the User domain name drop-down list box in the Authentication Configuration area.

    5. Select Local authentication for Authentication mode, as shown in Figure 1.

      Figure 1 Configuring local authentication

    6. Click Apply.

    7. Configure the user account information for local authentication in the Account Management area.

      • Create a user account.

        1. Click Create to display the Create User page, as shown in Figure 2.

          Figure 2 Create User

          Table 1 describes the parameters for creating a user.

          Table 1 Create User/Modify User

          Parameter

          Description

          User name

          Indicates the new user name.

          The user name cannot contain \ / : * ? " < > | ' or %, and cannot start with @.

          Password

          Indicates the user password.

          A secure password should contain at least two types of the following: lowercase letters, uppercase letters, numerals, special characters (such as ! $ # %). In addition, the password cannot contain spaces or single quotation marks (').

          Confirm password

          Indicates the confirm password. The format is the same as that of Password.

          Status

          Sets the user status.

          User status includes active and block. If the status is set to block, the device rejects the user's authentication requests, and the user cannot change the password.

          NOTE:

          This parameter is only displayed on the user modification page.

          Access type

          Sets the user access type.

          Forced offline

          Indicates whether a user is forcibly disconnected from the network.

          NOTE:

          This parameter is only displayed on the user modification page.

        2. Set the parameters. Click OK.

      • Modify a user account.

        1. Click Modify next to the AAA account to be modified to display the Modify User page, as shown in Figure 3.
          Figure 3 Modify User

          • For parameter description, see Table 1.

          • The user name is fixed and cannot be changed.

        2. Set the parameters. Click OK.

      • Delete a user account.

        1. You can delete a user account using either of the following methods:

          • Click Delete next to the AAA account to be deleted.

          • Select the records of the AAA accounts to be deleted, and click Delete next to Create to delete the AAA accounts in batches.

        2. After you click Delete, the system prompts you to confirm the deletion operation. Click OK.

  • Configuring RADIUS authentication

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > User Access Control in the navigation tree to display the User Access Control page.

    3. Click the Authentication Configuration tab to display the Authentication Configuration page.

    4. Select an option from the User domain name drop-down list box in the Authentication Configuration area.

    5. Select RADIUS authentication for Authentication mode, as shown in Figure 4.

      Figure 4 Configuring RADIUS authentication
      Table 2 describes the parameters for RADIUS authentication.
      Table 2 Parameters for configuring RADIUS authentication

      Parameter

      Description

      Server IP address

      Indicates the IP address of the RADIUS server, for example, 10.10.10.1.

      The server IP address must have reachable routes to the switch.

      Port number

      Indicates the UDP port number of the RADIUS server.

      Shared key

      Indicates the shared key used for communication between the switch and RADIUS server.

      When communicating with the RADIUS server, the switch uses the shared key to encrypt the user password to ensure password security during data transmission.

      The value is a string of 1 to 128 case-sensitive characters without spaces, single quotes ('), and question mask (?).

      Confirm shared key

      Indicates the confirm shared key.

      The format is the same as that of the shared key.

    6. Set the parameters.

    7. Click Apply.

Parent Topic: User Access Control
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >