Authentication Configuration

This section provides configuration steps and instructions on user authentication.

Context

Authentication configuration includes configurations of the local and RADIUS authentication modes. If the local authentication mode is used, you must create a user account on the switch and set a password. If the RADIUS authentication mode is used, you must configure the IP address, port number, and shared key of the RADIUS server.

Procedure

Configuring local authentication

Click Configuration to display the Configuration page.
Choose AAA & NAC in the navigation tree to display the AAA & NAC page.
Click the Authentication Configuration tab to display the Authentication Configuration page.
Select an option from the User Domain Name drop-down list box in the Authentication Configuration area.
Select Local Authentication for Authentication Mode.
Click Apply.

Configure the user account information for local authentication in the Account Management area.

Create a user account.

Click Create to display the New User page.

Table 1 describes the parameters for creating a user.

**Table 1** New User/Modify User
Parameter	Description
User name	Indicates the new user name. The user name cannot contain / : * ? " < > \| ' or %, and cannot start with @.
Password	Indicates the user password. A secure password should contain at least two types of the following: lowercase letters, uppercase letters, numerals, special characters (such as ! $ # %). In addition, the password cannot contain spaces or single quotation marks (').
Confirm password	Indicates the confirm password. The format is the same as that of Password.
Status	Sets the user status. User status includes active and block. If the status is set to block, the device rejects the user's authentication requests, and the user cannot change the password.

Set the parameters.
Click Confirm.

Modify a user account.
1. Click Modify next to the AAA account to be modified to display the Modify User page.
  NOTE:
  - For parameter description, see Table 1.
  - The user name is fixed and cannot be changed.
2. Set the parameters.
3. Click Confirm.
Delete a user account.
1. You can delete a user account using either of the following methods:
  - Click Delete next to the AAA account to be deleted.
  - Select the records of the AAA accounts to be deleted, and click Delete next to Create to delete the AAA accounts in batches.
  After you click Delete, the system prompts you to confirm the deletion operation.
2. Click Confirm.

Configuring RADIUS authentication

Click Configuration to display the Configuration page.
Choose AAA & NAC in the navigation tree to display the AAA & NAC page.
Click the Authentication Configuration tab to display the Authentication Configuration page.
Select an option from the User Domain Name drop-down list box in the Authentication Configuration area.

Select RADIUS Authentication for Authentication Mode.

Table 2 describes the parameters for RADIUS authentication.

**Table 2** Parameters for configuring RADIUS authentication
Parameter	Description
Server IP address	Indicates the IP address of the RADIUS server, for example, 10.10.10.1. The server IP address must have reachable routes to the switch.
Port number	Indicates the UDP port number of the RADIUS server, which is usually 1812.
Shared key	Indicates the shared key used for communication between the switch and RADIUS server. When communicating with the RADIUS server, the switch uses the shared key to encrypt the user password to ensure password security during data transmission. The value is a string of 1 to 16 case-sensitive characters without spaces, single quotes ('), and question mask (?).
Confirm shared key	Indicates the confirm shared key. The format is the same as that of the shared key.

Set the parameters.
Click Apply.