Can a user log in to an S series switch through fingerprint authentication

1

All S series switches do not support user login through fingerprint identification.

Other related questions:
Authentication-free rules applied to users through dot1x on S series switch
For S series switches except S1700 switches, after 802.1x authentication is enabled globally and on an interface, non-authentication can be implemented for specific users based on their MAC addresses. To implement this function, configure user devices' MAC addresses as static MAC addresses of a specified VLAN on the interface connected to user devices.

Prevent users failing RADIUS authentication from logging in to S series switches
Administrative users can log in to S series switches (except S1700 switches) after they pass the RADIUS authentication. Their user accounts are configured on the remote RADIUS server but not in the AAA view of a local switch. The methods of configuring switches to allow administrative users to log in after they pass the RADIUS authentication are similar.

Can users who log in to S series switches using the web network management system be authorized through HWTACACS
Users who log in to S series switches using the web network management system cannot be authorized through HWTACACS. The switches support local and remote authentication and authorization for users who log in using the web system. However, the web system supports only two authorization levels: level-0 and non-level-0, which are controlled through local user authorization. If remote authorization is used, the web system cannot obtain the user authority from the local user MIB table and grants the default level-0 authority to the user. HWTACACS authorization fails.

How to configure an authentication-free rule for Portal authentication users on S series switch
For S series switches (except the S1700) running all versions, NAC can be configured in common mode. For switches running V200R005C00 and later versions, NAC can be configured in unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. In NAC common mode, configure an authentication-free rule to allow all Portal authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] portal free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Common Mode) - (Optional) Setting Access Control Parameters for Portal Authentication Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] authentication free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authentication Free Rules to Assign Network Access Rights to Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] free-rule-template name default_free_rule [HUAWEI-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authorization Information for Authentication-free Users" in .

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top