27
vlan vlan-id: Specifies the authorized VLAN. vlan-id is in the range 1 to 4094. After passing
authentication, a local user can access the resources in this VLAN.
work-directory directory-name: Specifies the work directory, if the user or users use the FTP or SFTP
service. directory-name is a case-insensitive string of 1 to 135 characters. The directory must already exist.
Description
Use the authorization-attribute command to configure authorization attributes for the local user or user
group. After the local user or a local user of the user group passes authentication, the device will assign
these attributes to the user.
Use the undo authorization-attribute command to remove authorization attributes.
By default, no authorization attribute is configured for a local user or user group.
Every configurable authorization attribute has its definite application environments and purposes.
Consider the service types of users when assigning authorization attributes.
Authorization attributes configured for a user group are effective for all local users in the group. You can
group local users to improve configuration and management efficiency.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view. If an authorization attribute is configured in user group view but not in
local user view, the setting in user group view takes effect.
If only one user is playing the role of security log administrator in the system, you cannot delete the user
account, or remove or change the user’s role, unless you configure another user as a security log
administrator first.
Examples
# Configure the authorized VLAN of user group abc as VLAN 3.
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
bind-attribute
Syntax
bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number
subslot-number port-number | mac mac-address | vlan vlan-id } *
undo bind-attribute { call-number | ip | location | mac | vlan } *
View
Local user view
Default level
3: Manage level
Parameters
call-number call-number: Specifies a calling number for ISDN user authentication. The call-number
argument is a string of 1 to 64 characters.
subcall-number: Specifies the sub-calling number. The total length of the calling number and the sub-
calling number cannot be more than 62 characters.