The User Management page is used to configure domains and users. A domain is a subnetwork that consists of a group of clients and servers. Authentication to a domain is controlled by a local security server. The RV32x VPN Router Series supports authentication through the local database, a RADIUS server, an Active Directory server, or an LDAP server.
This article explains how to manage domains and users on the RV32x VPN Router Series.
Applicable devices:
• RV320 Dual WAN VPN Router
• RV325 Gigabit Dual WAN VPN Router
Software version:
• v1.1.0.09
Step 1. Log in to the Web Configuration Utility and choose User Management. The User Management page opens.
Step 2. Click Add in the Domain Management Table to configure a new domain. The Add Domain window appears.
Step 3. Choose the type of authentication that is used for the domain from the Authentication Type drop-down list.
• Local Database — Authentication is performed by the router.
• RADIUS — A remote RADIUS server performs authentication for the domain.
– RADIUS-PAP — Password Authentication Protocol (PAP) is an authentication protocol which only uses a simple password for authentication. This authentication is considered insecure and should only be used if the remote RADIUS server does not support a stronger authentication method.
– RADIUS-CHAP — Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that verifies authentication through a three-way handshake. This handshake takes place at the time of initial connection and at random intervals after the initial connection.
– RADIUS-MSCHAP — MS-CHAP is the Microsoft version of CHAP. The MS-CHAP format was designed to be compatible with Windows NT products.
– RADIUS-MSCHAPV2 — MS-CHAPV2 is an extension of MS-CHAP that provides a stronger encryption key.
• Active Directory — A server that runs Active Directory performs authentication for the domain. Active Directory is a service that provides network security on a Windows domain network.
• LDAP — A remote server that runs a directory service performs authentication for the domain. Lightweight Directory Access Protocol (LDAP) is an access protocol that is used to access the directory service.
Local Database authentication:
Step 1. Enter a name for the domain in the Domain field.
Step 2. Click OK. The domain is created.
RADIUS authentication:
Step 1. Enter a name for the domain in the Domain field.
Step 2. Enter the IP address of the RADIUS server in the Radius Server field.
Step 3. Enter the password that the router uses to authenticate to the RADIUS server in the Radius PassWord field. The password allows the router and RADIUS server to encrypt passwords and exchange responses. This field should match the configured password on the RADIUS server.
Step 4. Click OK. The domain is created.
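Added example (not from the original article or from Cisco): a Python sketch, following RFC 2865 and RFC 1994, of how the RADIUS password from Step 3 acts as a shared secret that hides a PAP password, and how a CHAP response is computed instead of sending the password. The secret, the user password and the function names are constructed for illustration.

```python
# Added illustration (not Cisco code): how a RADIUS client such as the router
# uses the shared secret and the user's password, per RFC 2865 / RFC 1994.
import hashlib
import hmac
import os


def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2: hide User-Password with MD5(secret + previous block)."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need 16-byte authenticator and 1..128-byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out


def pap_reveal(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse pap_hide using the same shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(id + password + challenge); password never sent."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_verify(chap_id, stored_password, challenge, response) -> bool:
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret, pw = b"constructed-shared-secret", b"constructed-user-password"
    ra = os.urandom(16)  # Request Authenticator, fresh per request
    hidden = pap_hide(pw, secret, ra)
    print("PAP hidden:", hidden.hex())
    print("right secret:", pap_reveal(hidden, secret, ra))
    print("wrong secret:", pap_reveal(hidden, b"mismatch", ra))
```

With PAP the server recovers the cleartext password, so its protection on the wire rests entirely on the strength of the shared secret; a secret that differs between router and server yields a value the server cannot reverse, and every login fails.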
Active Directory authentication:
Step 1. Enter a name for the domain in the Domain field.
Step 2. Enter the IP address of the Active Directory server in the AD Server Address field.
Step 3. Enter the domain name of the Active Directory server in the AD Domain Name field.
Step 4. Click OK. The domain is created.
LDAP authentication:
Step 1. Enter a name for the domain in the Domain field.
Step 2. Enter the IP address of the LDAP server in the LDAP Server Address field.
Step 3. Enter the base distinguished name of the LDAP server in the LDAP Base DN field. The base DN is the location where the LDAP server searches for users when it receives an authorization request. This field should match the base DN that is configured on the LDAP server.
Step 4. Click OK. The domain is created.
Step 1. Click the radio button of the domain you want to edit.
Step 2. Click Edit in the Domain Management Table to edit the domain.
Step 3. Edit the desired fields.
Step 4. Click OK. The domain configuration is updated.
Step 1. Click the radio button of the domain you want to delete.
Step 2. Click Delete in the Domain Management Table to delete the domain. A warning window appears.
Step 3. Click Yes. The domain configuration is deleted.
Step 1. Log in to the Router Configuration Utility and choose User Management. The User Management page opens.
Step 2. Click Add in the User Management Table to add a new user.
Step 3. Enter the desired username in the Username field.
Step 4. Enter a password for the username in the Password field. The password is used to authenticate the user to the configured local database domain.
Step 5. Choose the group that the user is to be a part of from the Group drop-down list. Groups are used to further divide domains into smaller sub-domains. The administrator group can only contain one user. The default username/password of the administrator is cisco/cisco.
Note: Groups can be configured on the Group Management page. For more information, refer to the article Group Management on RV320 Routers.
Step 6. Choose the domain that the user is to be part of from the Domain drop-down list.
Step 7. Click Save. The new user is configured.
Step 1. Check the check box of the username you want to edit.
Step 2. Click Edit in the User Management Table to edit the username.
Step 3. Edit the desired fields.
Step 4. Click Save. The username configuration is updated.
Step 1. Check the check box of the username you want to delete.
Step 2. Click Delete in the User Management Table to delete the username.
Step 3. Click Save. The username configuration is deleted.