21 
• Binding attributes—Binding attributes control the scope of users, and are checked during 
local authentication of a user. If the attributes of a user do not match the binding attributes 
configured for the local user account, the user cannot pass authentication. Binding attributes 
include the IP address, access port, MAC address, and native VLAN. For support and usage 
information about binding attributes, see "Configuring local user attributes."
 
• Authorization attributes—Authorization attributes indicate the user's rights after it passes 
local authentication. For support information about authorization attributes, see "Configuring 
local u
ser attributes." 
Configure the authorization attributes based on the service type of local users. 
You can configure an authorization attribute in user group view or local user view. The setting of 
an authorization attribute in local user view takes precedence over the attribute setting in user 
group view. 
{  The attribute configured in user group view takes effect on all local users in the user group. 
{  The attribute configured in local user view takes effect only on the local user. 
•  Password control attributes—Password control attributes help control password security for 
device management users. Password control attributes include password aging time, minimum 
password length, password composition checking, password complexity checking, and login 
attempt limit. 
You can configure a password control attribute in system view, user group view, or local user 
view. A password control attribute with a smaller effective range has a higher priority. For more 
information about password management and global password configuration, see "Configuring 
password co
ntrol." 
• Validity period—Time period in which a network access user is considered valid for 
authentication. 
Local user configuration task list 
Tasks at a glance 
(Required.) Configuring local user attributes
 
(Optional.) Configuring user group attributes 
(Optional.) Configuring the auto-delete feature of local users 
 
Configuring local user attributes 
When you configure local user attributes, follow these guidelines:  
•  When you use the password-control enable command to globally enable the password 
control feature, local user passwords are not displayed. 
•  You can configure authorization attributes and password control attributes in local user view or 
user group view. The setting in local user view takes precedence over the setting in user group 
view. 
•  Configure the location binding attribute based on the service types of users. 
{  For 802.1X users, specify the 802.1X-enabled Layer 2 Ethernet interfaces through which 
the users access the device. 
{  For MAC authentication users, specify the MAC authentication-enabled Layer 2 Ethernet 
interfaces through which the users access the device. 
{  For portal users, specify the portal-enabled interfaces through which the users access the 
device. Specify the Layer 2 Ethernet interfaces if portal is enabled on VLAN interfaces and 
the portal roaming enable command is not configured. 
To configure local user attributes: