Configuring local authentication, Configuring radius authentication – H3C Technologies H3C MSR 50 User Manual

65

•

Password—Authenticates only a user's password.

•

Password+Certificate—Authenticates a user's password and client certificate.

•

Certificate—Authenticates only a user's client certificate.

RADIUS authentication supports only two authentication policies: password and password+certificate.

Configuring local authentication

Local authentication authenticates users by using the user information saved on the SSL VPN gateway.

This authentication method is the fastest because user information is locally saved, and the SSL VPN
gateway does not need to exchange information with an external authentication server. However, the

number of local users is limited by the capacity of the SSL VPN gateway.

1.

Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree.
The Local Authentication tab appears.

Figure 439 Local authentication

2.

Select an authentication mode for local authentication. Options include Password,
Password+Certificate, and Certificate.

3.

Click Apply.

Configuring RADIUS authentication

The RADIUS protocol is a distributed, client/server mode information exchange protocol for protecting

networks against unauthorized access. It is usually deployed in networks that require secure remote

access. The SSL VPN system can cooperate with the existing RADIUS server of an enterprise seamlessly

to provide RADIUS authentication. Users in the enterprise can use their original accounts for RADIUS
authentication through SSL VPN.
To enable RADIUS authentication in the SSL VPN system, navigate to Advanced > RADIUS page to

configure a RADIUS scheme named system. For more configuration information, see "Configuring

RADIUS."
For successful RADIUS authentication of a user, you must also configure the account information and the

user group attribute information for the user on the RADIUS authentication server, and make sure the user

groups configured on the RADIUS authentication server exist on the SSL VPN gateway. Otherwise, the

user cannot log in. The number of user groups that the gateway supports for a user has a limit. Make sure
the number of user groups specified for a user on the authentication server is equal to or less than the

limit.

1.

Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree.

2.

Click the RADIUS Authentication tab to enter the RADIUS authentication configuration page.