250 CHAPTER 21: AAA CONFIGURATION
CAUTION:
■ The following characters are not allowed in the user-name string: /:*?<>. The string also cannot contain more than one "@".
■ After the local-user password-display-mode cipher-force command is executed, every password is displayed in cipher mode, even if the password command specifies that a user password be displayed in plain text.
■ If a user name and password are required for user authentication (RADIUS authentication as well as local authentication), the command level that a user
Table 186 Configure the attributes of a local user

| Operation | Command | Remarks |
| --- | --- | --- |
| Enter system view | system-view | - |
| Set the password display mode of all local users | local-user password-display-mode { cipher-force \| auto } | Optional. By default, the password display mode of all access users is auto, indicating the passwords of access users are displayed in the modes set by the password command. |
| Add a local user and enter local user view | local-user user-name | Required. By default, there is no local user in the system. |
| Set a password for the local user | password { simple \| cipher } password | Required |
| Set the status of the local user | state { active \| block } | Optional. By default, the user is in active state, that is, the user is allowed to request network services. |
| Authorize the user to access specified type(s) of service | service-type { ftp \| lan-access \| { telnet \| ssh \| terminal }* [ level level ] } | Required. By default, the system does not authorize the user to access any service. |
| Set the privilege level of the user | level level | Optional. By default, the privilege level of the user is 0. |
| Configure the authorization VLAN for the local user | authorization vlan string | Required. By default, no authorization VLAN is configured for the local user. |
| Set the attributes of the user whose service type is lan-access | attribute { ip ip-address \| mac mac-address \| idle-cut second \| access-limit max-user-number \| vlan vlan-id \| location { nas-ip ip-address port port-number \| port port-number } }* | Optional. When binding the user to a remote port, you must use nas-ip ip-address to specify a remote access server IP address (here, ip-address is 127.0.0.1 by default, representing this device). When binding the user to a local port, you need not use nas-ip ip-address. |
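
An added example, not from the original manual: a Python check that audits staged configuration text against the rules in this section (the user-name restrictions, the Required password and service-type steps, and password simple used without cipher-force). It assumes the configuration is plain text with each user's commands indented under its local-user line; the function name, user names and password strings are constructed for illustration.

```python
FORBIDDEN = set('/:*?<>')  # characters the CAUTION note disallows in user-name

# Constructed sample. Assumed layout: per-user commands indented under local-user.
SAMPLE = """\
local-user password-display-mode auto
local-user ops@lab
 password cipher EXAMPLECIPHERTEXT
 service-type ssh level 3
local-user guest
 password simple guest123
 service-type lan-access
local-user a@b@c
 password cipher EXAMPLECIPHERTEXT
"""

def audit_local_users(config_text):
    """Return a sorted list of (user-name, finding) tuples."""
    cipher_force = False
    users = {}       # user-name -> commands entered in that user's view
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == 'local-user password-display-mode cipher-force':
            cipher_force = True
        elif (not line or line.startswith('#')
              or line.startswith('local-user password-display-mode')):
            continue                      # separators and the "auto" default
        elif line.startswith('local-user '):
            current = line.split(None, 1)[1]
            users.setdefault(current, [])
        elif raw[:1].isspace() and current is not None:
            users[current].append(line)   # command inside local user view
        else:
            current = None                # left local user view
    findings = []
    for name, cmds in users.items():
        bad = sorted(FORBIDDEN & set(name))
        if bad:
            findings.append((name, 'forbidden character in user-name: ' + ''.join(bad)))
        if name.count('@') > 1:
            findings.append((name, 'more than one "@" in user-name'))
        modes = [c.split()[1] for c in cmds if c.startswith('password ')]
        if not modes:
            findings.append((name, 'no password set (Required step)'))
        elif 'simple' in modes and not cipher_force:
            findings.append((name, 'password simple without cipher-force'))
        if not any(c.startswith('service-type ') for c in cmds):
            findings.append((name, 'no service-type: no service authorized'))
    return sorted(findings)

if __name__ == '__main__':
    print(*audit_local_users(SAMPLE), sep='\n')
```
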