Authentication Server Users

Use the Authentication Server Users page to add and remove users from the local authentication server user database. For some security features, such as IEEE 802.1X port-based authentication, you can configure the device to use the locally stored list of usernames and passwords to provide authentication to users instead of using an external authentication server.

Note

Note

The preconfigured users, admin and guest, are assigned to a pre-configured list named defaultList, which you cannot delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list.

You can create a text file that contains a list of IAS users to add to the database and then download the file to the switch. The following script is an example of an IAS user text file that contains three users:

configure
aaa ias-user username client-1
password my-password1
exit
aaa ias-user username client-2
password aa5c6c251fe374d5e306c62496c3bcf6 encrypted
exit
aaa ias-user username client-3
password 1f3ccb1157
exit

After the download completes, client-1, client-2, and client-3 are added to the IAS database. The password for client-2 is encrypted.

When Dot1x authentication is enabled on the ports and the authentication method is LOCAL, port access is allowed only to users in this database that provide the correct name and password.

Use the buttons to perform the following tasks:

When Add is selected from Auth Server Users list, the Add New User window opens.

Click to expand in new window

Add New Authentication User Fields

Field Description
User Name A unique name used to identify this user account. You configure the user name when you add a new user.
Password Required Select this option to indicate that the user must enter a password to be authenticated. If this option is clear, the user is required only to enter a valid user name.
Password Specify the password to associate with the user name (if required).
Confirm Re-enter the password to confirm the entry.
Encrypted Select this option to encrypt the password before it is stored on the device.

If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration.