Managing User Authentication

This section contains the following topics:

• Adding a RADIUS Server or TACACS Server for Authentication
• Configuring System Authentication
• Adding New Users

Adding a RADIUS Server or TACACS Server for Authentication

You can use the User Management page to configure a RADIUS server or TACACS server for system authentication.

To configure a RADIUS server or TACACS server:

1. In the J-Web interface, select Configure>System Properties>User Management.
2. Click Edit. The Edit User Management dialog box appears.
3. Select the Authentication Method and Order tab.
4. In the RADIUS section or TACACS section, click Add. Either the Add Radius Server dialog box or Add TACACS Server dialog box appears.
5. In the IP Address field, enter the server’s 32–bit IP address.
6. In the Password and Confirm Password fields, enter the secret password for the server and verify your entry.
7. In the Server Port field, enter the appropriate port.
8. In the Source Address field, enter the source IP address of the server.
9. In the Retry Attempts field, specify the number of times that the server should try to verify the user’s credentials.
10. In the Time Out field, specify the amount of time (in seconds) the device should wait for a response from the server.
11. Click OK.

Configuring System Authentication

You can use the User Management page to configure the authentication methods that the device uses to verify that a user can gain access. For each login attempt, the device tries the authentication methods in order, starting with the first one, until the password matches.

If you do not configure system authentication, users are verified based on their configured local passwords.

To configure system authentication:

1. In the J-Web interface, select Configure>System Properties>User Management.
2. Click Edit. The Edit User Management dialog box appears.
3. Select the Authentication Method and Order tab.
4. Under Available Methods, select the authentication method the device should use to authenticate users, and use the arrow button to move the item to the Selected Methods list. Available methods include:
   • RADIUS
   • TACACS+
   • Local Password

   If you want to use multiple methods to authenticate users, repeat this step to add the additional methods to the Selected Methods list.

5. Under Selected Methods, use the up and down arrows to specify the order in which the device should execute the authentication methods.
6. Click OK.

Adding New Users

You can use the User Management page to add new users to the device’s local database. For each account, you define a login name and password for the user and specify a login class for access privileges.

To configure users:

1. In the J-Web interface, select Configure>System Properties>User Management.
2. Click Edit. The Edit User Management dialog box appears.
3. Select the Users tab.
4. Click Add to add a new user. The Add User dialog box appears.
5. In the User name field, enter a unique name for the user.

   Do not include spaces, colons, or commas in the username.

6. In the User ID field, enter a unique ID for the user.
7. In the Full Name field, enter the user’s full name.

   If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas.

8. In the Password and Confirm Password fields, enter a login password for the user and verify your entry. The login password must meet the following criteria:
   • The password must be at least 6 characters long.
   • You can include most character classes in a password (alphabetic, numeric, and special characters), except control characters.
   • The password must contain at least one change of case or character class.
9. From the Login Class list, select the user’s access privilege:
   • operator
   • read-only
   • unauthorized

   This list also includes any user-defined login classes. For more information, see Login Classes.

10. Click OK in the Add User dialog box and Edit User Management dialog box.