278 CHAPTER 11: 802.1X CONFIGURATION
Setting the Attributes of Local Users
Perform the following configurations in Local User View.
Table 311 Setting/Removing the Attributes Concerned with a Specified User
Note the following two items when you configure these service types: SSH, Telnet
or Terminal.
■ When you configure a new service type for a user, the system adds the
requested service-type to any existing configuration. For example, if the user
previously had just Telnet access, and SSH was added, the user would now
have access to bothTelnet and SSH.
■ You can set user level when you configure a service type. If you set multiple
service types and specify the user levels, then only the last configured user level
is valid. Some of the service types allow a user-priviledge level to be entered as
an optional extra parameter. For example Telnet, Terminal & SSH.
However, the user-priviledge level is a global value for all service types. Entering
the following two commands will result in the user having a level of 3 for all
service types. In this case both telnet and SSH:
[5500-luser-adminpwd]service-type telnet level 1
[5500-luser-adminpwd]service-type ssh level 3
You can use either level or service-type command to specify the level for a
local user. If both of these two commands are used, the latest configuration will
take effect.
Disconnecting a User by
Force
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command to serve this purpose.
Perform the following configurations in System View.
Operation Command
Set a password for a specified user password { simple | cipher }
password
Remove the password set for the
specified user
undo password
Set the state of the specified user state { active | block }
Set a priority level for the user level
level
Restore the default priority level undo level
Set a service type for the specified
user
service-type { ftp [ ftp-directory
directory
] | lan-access | { ssh |
telnet | terminal }* }
Cancel the service type of the
specified user
undo service-type { ftp [ ftp-directory
] | lan-access | { ssh | telnet |
terminal }* [ level
level
] }
Configure the attributes of
lan-access users
attribute { ip
ip_address
| mac
mac_address
| idle-cut
second
|
access-limit
max_user_number
| vlan
vlanid
| location { nas-ip
ip_address
port
portnum
| port
portnum
} }*
Remove the attributes defined for
the lan-access users
undo attribute { ip | mac | idle-cut |
access-limit | vlan | location }*
To Next Page