Authentication

Local Authentication

Local Authentication is used as a local database for user authentication for connection request in many applications such as VPN and SSID connection request with Captive Portal, 

Creating a Local Authentication Database

  1. Navigate to Configure > Authentication > Local authentication list.
  2. Click Add local authentication.

  3. In the Add local authentication window, enter a name for the local authentication list.
  4. Select the Access level for the accessibility level of the Local authentication list.
  5. Enter a Username and Password for the authentication profile.
  6. Add more users by entering more pairs of usernames and passwords or Bulk Import to import a list of user accounts.
  7. For Bulk Import, you can download the reference sample template by clicking the Here link. The CSV-formatted file contains the local usernames and passwords using this format:  [Username] [Password]
  8. Click Browse to locate the file for bulk import.
  9. Click Save.

After a new entry is created, the following information will be displayed in the Local Authentication List:

Name

The local authentication database name.

Access Level

The authorized level of access to this authentication profile.

Entries

The number of entries of the authentication profile

Associated Devices

The number of devices that have used this authentication profile for SSID or VPN connection. Click on the number to display the devices’ information.

Associated Profiles

The number of configuration profiles that have used this authentication profile for SSID's captive portal setting. Click on the number to display the profiles’ information.

Actions

Click Edit, Export, or Delete to edit this profile, export the profile as a single file in CSV format, or delete this profile respectively.

 

Editing an Existing Local Authentication Database

  1. Navigate to Configure > Authentication > Local authentication list.
  2. From the local authentication database list, click the pencil icon under the Actions column of the database you wish to edit.

  3. In the Edit local authentication window,  you can modify the username and password for a user. Click Delete to delete a user/password entry. Or click Add below the table to add a new username/password entry.
  4. Click Save.

Deleting a Local Authentication Database

Note: You cannot delete a Local authentication database if there are devices or profiles associated with it.

  1. Navigate to Configure > Authentication > Local authentication list.
  2. From the local authentication database list, click the Delete icon under the Actions column of the database you wish to delete. ‎

  3. When prompted to confirm, click Yes.

Exporting a Local Authentication Database

  1. Navigate to Configure > Authentication > Local authentication list.
  2. From the local authentication database list, click the Export icon under the Actions column of the database you wish to export. ‎

  3. The CSV file will be downloaded in your browser's default download directory.

Authentication Servers

From the Authentication Servers page, you can configure servers that you have installed in your environment to manage network resources and control access to the resources. For example, the Sign-on with basic login for Captive Portal may use an authentication system with an LDAP or a RADIUS server to grant access to a network by authenticating users when a connection request has been issued. And for MAC filtering as an access control for a wireless network, a RADIUS server can be used to permit only authorized devices.

LDAP Server

Lightweight Directory Access Protocol (LDAP) servers help medium to large-sized companies access and maintain information services over an IP network, often used to store, access and share information within an organization.

Add an LDAP Server

  1. Navigate to Configure > Authentication > Authentication Servers.
  2. Select LDAP from the Authentication server list, then click Add.
  3. In the Add an LDAP server window, enter the information below:

Server Name

Enter a name for the server.

IP Address

Enter a valid IP address.

Port

Enter the port used for LDAP communication.

Base DN

Enter the Base DN, which is the point where the server will search for users.

Encryption

Select the encryption used for the LDAP server from the drop-down menu. You can also choose to disable encryption.

Access Level

Select between Organization, Site Tag or Site for the access level from the drop-down menu to restrict who has access to this server setting.
  1. Click Save. You can click Edit or Delete to edit or delete an entry from the list after the server configuration has been created successfully.

RADIUS Server

 Remote Authentication Dial-In User Service (RADIUS) servers are a client/server protocol that runs a background process of Windows or Linux server to maintain and manage a central database to authenticate all users/clients, giving you control over who accesses the network.

Add a RADIUS Server

  1. Navigate to Configure > Authentication > Authentication Servers.
  2. Select RADIUS from the Authentication server list, then click Add.
  3. In the Add a RADIUS server window, enter the information below:

Server Name

Enter a name for the server.

IP Address

Enter a valid IP address.

Port

Enter the RADIUS port number.

Secret

Enter the secret text string that serves as a password between hosts (2-32 characters).

RADIUS Accounting

Enable or disable accounting service for RADIUs. It collects traffic data for monitoring and billing. If this is enabled, enter the IP address, Port, Secret and Accounting interim interval of the accounting server.

Access Level

Select between Organization, Site Tag or Site for the access level from the drop-down menu to restrict who has access to this server setting.
  1. Click Save. You can click Edit or Delete to edit or delete an entry from the list after the server configuration has been created successfully.

POP3 Server

POP3  (Post Office Protocol Version 3) is a mail service protocol that allows emails to be downloaded from a mail server. POP3 mail servers can be configured for authentication process to check the username and password supplied by the client.

Add a POP3 Server

  1. Navigate to Configure > Authentication > Authentication Servers.
  2. Select POP3 from the Authentication server list, then click Add.
  3. In the Add a POP3 server window, enter the information below:

Server Name

Enter a name for the server.

IP Address

Enter the IP address of the POP3 server.

Port

Enter the port used to connect to the server.

Encryption

Select the encryption used for the POP3 server from the drop-down menu. You can also choose to disable encryption.

Certificate

Select the certificate if encryption is used. Refer to Certificate Management for more information.

Access Level

Select between Organization, Site Tag or Site for the access level from the drop-down menu to restrict who has access to this server setting.
  1. Click Save. You can click Edit or Delete to edit or delete an entry from the list after the server configuration has been created successfully.

Active Directory Server

Active Directory (AD) is a service that uses hierarchical structure for managing user account information and network resources and sharing the information to authorized users on the network.

Add a Directory Server

  1. Navigate to Configure > Authentication > Authentication Servers.
  2. Select Active Directory from the Authentication server list, then click Add.
  3. In the Add a Active Directory window, enter the information below:

 

Server Name

 

Enter a name for the server.

>

IP Address

 

Enter the IP address of the AD server.

Port

Enter the port used to connect to the server.

AD Domain

Enter the  defined domain name.

Hostname

Enter the hostname of the AD server.

Access level

Select between Organization, Site Tag or Site for the access level from the drop-down menu to restrict who has access to this server setting.
  1. Click Save. You can click Edit or Delete to edit or delete an entry from the list after the server configuration has been created successfully.

NT Domain Server

NT Domain is also a directory service as the above introduced AD service for managing user account information and network resources and sharing the information to authorized users on the network. However, Windows NT uses NetBIOS and WINS instead of DNS for naming resolution. They also differ in many other areas  such as administration scope and replication method.

Add an NT Domain Server

  1. Navigate to Configure > Authentication > Authentication Servers.
  2. Select NT Domain from the Authentication server list, then click Add.
  3. In the Add an NT Domain server window, enter the information below:

Server Name

Enter a name for the server.

IP Address

Enter the IP address of the NT Domain server.

Workgroup

Enter the Windows NT workgroup name.

Access level

Select between Organization, Site Tag or Site for the access level from the drop-down menu to restrict who has access to this server setting.
  1. Click Save. You can click Edit or Delete to edit or delete an entry from the list after the server configuration has been created successfully.