Managing User Authentication with Quick Configuration

This section contains the following topics:

Adding a RADIUS Server for Authentication

You can use the Users Quick Configuration page for RADIUS servers to configure a RADIUS server for system authentication. This Quick Configuration page allows you to specify the IP address and secret (password) of the RADIUS server.

Figure 6 shows the Users Quick Configuration page for RADIUS servers.

Figure 6: Users Quick Configuration Page for RADIUS Servers

Image s030241.gif

To configure a RADIUS server with Quick Configuration:

In the J-Web interface, select Configuration>Quick Configuration>Users.
Under RADIUS servers, click Add to configure a RADIUS server.
Enter information into the Users Quick Configuration page for RADIUS servers, as described in Table 76.
Click one of the following buttons on the Users Quick Configuration page for RADIUS servers:
- To apply the configuration and return to the Users Quick Configuration page, click OK.
- To cancel your entries and return to the Users Quick Configuration page, click Cancel.

Table 76: Users Quick Configuration for RADIUS Servers Summary

Field	Function	Your Action
RADIUS Server
RADIUS Server Address (required)	Identifies the IP address of the RADIUS server.	Type the RADIUS server’s 32-bit IP address, in dotted decimal notation.
RADIUS Server Secret (required)	The secret (password) of the RADIUS server.	Type the secret (password) of the RADIUS server. Secrets can contain spaces. The secret used must match that used by the RADIUS server.
Verify RADIUS Server Secret (required)	Verifies the secret (password) of the RADIUS server is entered correctly.	Retype the secret of the RADIUS server.

Adding a TACACS+ Server for Authentication

You can use the Users Quick Configuration page for TACACS+ servers to configure a TACACS+ server for system authentication. This Quick Configuration page allows you to specify the IP address and secret of the TACACS+ server.

Figure 7 shows the Users Quick Configuration page for TACACS+ servers.

Figure 7: Users Quick Configuration Page for TACACS+ Servers

Image s030242.gif

To configure a TACACS+ server with Quick Configuration:

In the J-Web interface, select Configuration>Quick Configuration>Users.
Under TACACS+ servers, click Add to configure a TACACS+ server.
Enter information into the Users Quick Configuration page for TACACS+ servers, as described in Table 77.
Click one of the following buttons on the Users Quick Configuration page for TACACS+ servers:
- To apply the configuration and return to the Users Quick Configuration page, click OK.
- To cancel your entries and return to the Users Quick Configuration page, click Cancel.

Table 77: Users Quick Configuration for TACACS+ Servers Summary

Field	Function	Your Action
TACACS+ Server
TACACS+ Server Address (required)	Identifies the IP address of the TACACS+ server.	Type the TACACS+ server’s 32-bit IP address, in dotted decimal notation.
TACACS+ Server Secret (required)	The secret (password) of the TACACS+ server.	Type the secret (password) of the TACACS+ server. Secrets can contain spaces. The secret used must match that used by the TACACS+ server.
Verify TACACS+ Server Secret (required)	Verifies the secret (password) of the TACACS+ server is entered correctly.	Retype the secret of the TACACS+ server.

Configuring System Authentication

On the Users Quick Configuration page, you can configure the authentication methods the Services Router uses to verify that a user can gain access. For each login attempt, the device tries the authentication methods in order, starting with the first one, until the password matches.

If you do not configure system authentication, users are verified based on their configured local passwords.

Figure 8 shows the Users Quick Configuration page.

Figure 8: Users Quick Configuration Page

Image s030243.gif

To configure system authentication with Quick Configuration:

In the J-Web interface, select Configuration>Quick Configuration>Users.
Under Authentication Servers, select the check box next to each authentication method the device must use when users log in:
- RADIUS
- TACACS+
- Local Password
Click one of the following buttons on the Users Quick Configuration page:
- To apply the configuration and stay in the Users Quick Configuration page, click Apply.
- To apply the configuration and return to the Quick Configuration page, click OK.
- To cancel your entries and return to the Quick Configuration page, click Cancel.

Adding New Users

You can use the Users Quick Configuration page for user information to add new users to a Services Router. For each account, you define a login name and password for the user and specify a login class for access privileges.

Figure 9 shows the Quick Configuration page for adding a user.

Figure 9: Add a User Quick Configuration Page

Image s030244.gif

To configure users with Quick Configuration:

In the J-Web interface, select Configuration>Quick Configuration>Users.
Under Users, click Add to add a new user.
Enter information into the Add a User Quick Configuration page, as described in Table 78.
Click one of the following buttons on the Add a User Quick Configuration page:
- To apply the configuration and return to the Users Quick Configuration page, click OK.
- To cancel your entries and return to the Users Quick Configuration page, click Cancel.

Table 78: Add a User Quick Configuration Page Summary

Field	Function	Your Action
User Information
Username (required)	Name that identifies the user.	Type the username. It must be unique within the device. Do not include spaces, colons, or commas in the username.
Full Name	The user's full name.	Type the user's full name. If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas.
Login Class (required)	Defines the user's access privilege.	From the list, select the user's login class: operator read-only super-user/superuser unauthorized This list also includes any user-defined login classes. For more information, see Login Classes.
Login Password (required)	The login password for this user.	Type the login password for this user. The login password must meet the following criteria: The password must be at least 6 characters long. You can include most character classes in a password (alphabetic, numeric, and special characters), except control characters. The password must contain at least one change of case or character class.
Verify Login Password (required)	Verifies the login password for this user.	Retype the login password for this user.