Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
Operation: Authorize the user to access specified type(s) of service
Command: service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] }
Description: Required. By default, the system does not authorize the user to access any service.

Operation: Set the privilege level of the user
Command: level level
Description: Optional. By default, the privilege level of the user is 0.

Operation: Set the attributes of the user whose service type is lan-access
Command: attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port port-number } }*
Description: Optional. When binding the user to a remote port, you must use nas-ip ip-address to specify a remote access server IP address (here, ip-address is 127.0.0.1 by default, representing this device). When binding the user to a local port, you need not use nas-ip ip-address.
Caution:
• The following characters are not allowed in the user-name string: /:*?<>. In addition, you cannot input more than one "@" in the string.
• After the local-user password-display-mode cipher-force command is executed, any password will be displayed in cipher mode even if you specify that a user password be displayed in plain text by using the password command.
• If a user name and password are required for user authentication (RADIUS authentication as well as local authentication), the command level that a user can access after login is determined by the privilege level of the user. For SSH users using RSA shared key for authentication, the commands they can access are determined by the levels set on their user interfaces.
• If the configured authentication method is none or password authentication, the command level that a user can access after login is determined by the level of the user interface.
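
The rules in the table and Caution above can be checked before a planned local-user snippet is applied. The following Python lint is an added example, not part of the H3C manual; the sample configuration, the function names and the max_login_level policy threshold are assumptions made for illustration.

```python
FORBIDDEN = set("/:*?<>")                 # not allowed in a user-name (Caution above)
LOGIN_SERVICES = {"telnet", "ssh", "terminal"}
# Constructed sample of a planned configuration; not taken from a real device.
SAMPLE_CONFIG = """\
local-user password-display-mode cipher-force
local-user ops@branch
 service-type telnet ssh level 3
local-user guest
 service-type lan-access
local-user spare
 level 2
local-user a@b@c
 service-type ftp
"""

def parse_local_users(text):
    """Return {name: {"services": set, "level": int}}; highest level seen is kept (assumption)."""
    users, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):
            # Only "local-user <name>" opens a block; other top-level commands close it.
            cur = None
            if words[0] == "local-user" and len(words) == 2:
                cur = users.setdefault(words[1], {"services": set(), "level": 0})
        elif cur is not None and words[0] in ("service-type", "level"):
            args = words[1:] if words[0] == "service-type" else words
            if "level" in args:
                i = args.index("level")
                cur["level"] = max(cur["level"], int(args[i + 1]))
                args = args[:i]
            cur["services"].update(args)
    return users

def audit(users, max_login_level=1):
    # max_login_level: hypothetical site policy for user-name/password logins.
    findings = []
    for name, u in users.items():
        if FORBIDDEN & set(name) or name.count("@") > 1:
            findings.append((name, "invalid user-name"))
        if not u["services"]:
            findings.append((name, "no service-type: no service is authorized"))
        if u["services"] & LOGIN_SERVICES and u["level"] > max_login_level:
            findings.append((name, f"login user at level {u['level']}"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_local_users(SAMPLE_CONFIG)), sep="\n")
```

The level finding only matters where a user name and password are required; with none or password authentication the user interface level applies instead, as the Caution states.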