Centralized Authentication Based on RADIUS

Alaul  Diamond  (1)
7 years 10 months ago
1F

The feature was introduced in M2000 V200R010.  


Summary:
This feature implements remote centralized user authentication, enhancing user security.
Currently, this feature can implement the centralized authentication based on users and based
on user roles.


Benefits:
This feature provides the centralized authentication based on users and based on user roles,
which applies to different scenarios and enhances the security of M2000 user management.
The Remote Authentication Dial-In User Service (RADIUS)-based centralized user
authentication interface helps telecom operators build a centralized user authentication
platform for the entire network. As protocol and system resources of telecom operators are
managed in a centralized manner, the OPEX and network security risks are reduced.


Description:
With the RADIUS-based centralized user authentication interface, users can remotely
authenticate user names and passwords. This interface supports password encryption based on
Challenge-Handshake Authentication Protocol (CHAP) or Password Authentication Protocol
(PAP) of RADIUS. Transmission is not encrypted by default and can be configured as
encrypted transmission based on telecom operators' requirements.


Users can configure this interface in either of the following modes:

  • Centralized authentication management based on user accounts

In this authentication mode, the M2000 retains the local user account information,
including users, user groups, and user rights. The local user management function,
however, cannot be used any longer. As a result, the user information cannot be created,
modified, or deleted on the M2000.
Before using the centralized authentication function, users need to create a user account
and authorize the user account on the RADIUS server based on the user group to which
the user belongs. When a user logs in to the M2000 through the RADIUS server, the
RADIUS authenticates the user account and delivers the authentication result and user
role (or user group) information to the M2000. If the user account is successfully
authenticated, the M2000 authorizes the user according to the information returned by
the RADIUS server.

  • Centralized authentication management based on user roles (or user groups)

In this authentication mode, the M2000 retains the local user account information,
including users, user groups, and user rights. The local user management function,
however, cannot be used any longer. As a result, the user information cannot be created,
modified, or deleted on the M2000.

Before using the centralized authentication function, users need to create a user account
and authorize the user account on the RADIUS server based on the user group to which
the user belongs. When a user logs in to the M2000 through the RADIUS server, the
RADIUS authenticates the user account and delivers the authentication result and user
role (or user group) information to the M2000. If the user account is successfully
authenticated, the M2000 authorizes the user according to the information returned by
the RADIUS server.


Dependency & Enhancement:


None

abrahim  Diamond 
7 years 10 months ago
2F
Excellent topic
abrahim  Diamond 
7 years 10 months ago
3F
It will reduce OPEX
user_2837311  Diamond 
3 years 11 months ago
4F
useful document, thanks