Step 3. Configure a password for the local user.
Command:
• In non-FIPS mode:
  password [ [ hash ] { cipher | simple } password ]
• In FIPS mode:
  password
Remarks:
Optional.
A local user with no password configured passes authentication after providing the valid local username and attributes. To enhance security, configure a password for each local user.
If none of the parameters is specified, you enter the interactive mode to set a plaintext password. This interactive mode is available only on switches that support the password control feature.

Step 4. Specify the service types for the local user.
Command:
• In non-FIPS mode:
  service-type { ftp | lan-access | { ssh | telnet | terminal } * | portal | web }
• In FIPS mode:
  service-type { lan-access | { ssh | terminal } * | portal | web }
Remarks:
By default, no service is authorized to a local user.

Step 5. Place the local user to the state of active or blocked.
Command:
  state { active | block }
Remarks:
Optional.
When created, a local user is in active state by default, and the user can request network services.

Step 6. Set the maximum number of concurrent users of the local user account.
Command:
  access-limit max-user-number
Remarks:
Optional.
By default, there is no limit to the maximum number of concurrent users of a local user account.
The limit is effective only for local accounting, and is not effective for FTP users.

Step 7. Configure the password control attributes for the local user.
Command:
• Set the password aging time:
  password-control aging aging-time
• Set the minimum password length:
  password-control length length
• Configure the password composition policy:
  password-control composition type-number type-number [ type-length type-length ]
Remarks:
Optional.
By default, the local user uses password control attributes of the user group to which the local user belongs, and uses the global setting for any password control attribute that is not configured in the user group.
For more information about password control configuration commands, see Security Command Reference.

Step 8. Configure the binding attributes for the local user.
Command:
  bind-attribute { ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } *
Remarks:
Optional.
By default, no binding attribute is configured for a local user.
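
The following audit script is an added example, not part of the original guide. It checks local-user blocks against the defaults stated in steps 3 through 8: no password, no access limit, no binding attribute, and service types that appear only in the non-FIPS syntax. It assumes the configuration is available as text in which each `local-user <name>` line is followed by indented sub-commands; the sample configuration, finding labels and function names are constructed for illustration.

```python
import re

# Service types present in the non-FIPS syntax above but absent from the FIPS one.
NON_FIPS_ONLY = {"ftp", "telnet"}
# Constructed sample (not from a real device): three local-user blocks, "#" separators.
SAMPLE = """\
local-user netops
 password cipher CONSTRUCTED-CIPHERTEXT
 service-type ssh terminal
 access-limit 2
 bind-attribute ip 192.0.2.10
#
local-user backup
 service-type ftp
#
local-user legacy
 password cipher CONSTRUCTED-CIPHERTEXT
 service-type telnet ssh
 state block
#
"""

def parse_local_users(config):
    """Return {username: [sub-command word lists]} for each local-user block."""
    users, current = {}, None
    for line in config.splitlines():
        m = re.match(r"local-user\s+(\S+)", line)
        if m:
            current = users.setdefault(m.group(1), [])
        elif current is not None and line[:1].isspace() and line.strip():
            current.append(line.split())
        else:
            current = None  # an unindented or blank line ends the block
    return users

def audit(config):
    """Return {username: [finding labels]} using the defaults stated in the table."""
    report = {}
    for user, cmds in parse_local_users(config).items():
        attrs = {c[0]: c[1:] for c in cmds}
        # An absent password, access-limit or bind-attribute means the default applies.
        found = [f"no-{k}" for k in ("password", "access-limit", "bind-attribute")
                 if k not in attrs]
        weak = NON_FIPS_ONLY & set(attrs.get("service-type", []))
        found += [f"service-type-{s}" for s in sorted(weak)]
        if attrs.get("state") == ["block"]:
            found.append("blocked")  # account cannot request services
        report[user] = found
    return report
```

Calling `audit(SAMPLE)` returns an empty finding list for `netops` and flags `backup` as a password-less FTP account, the case the step 3 remarks describe.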