19
Local user configuration task list
(Required.) Configuring local user attributes
(Optional.) Configuring user group attributes
(Optional.) Displaying and maintaining local users and local user groups
Configuring local user attributes
When you configure local user attributes, follow these guidelines:
• When you use the password-control enable command to globally enable the password
control feature, local user passwords are not displayed.
• You can configure authorization attributes and password control attributes in local user view or
user group view. The setting in local user view takes precedence over the setting in user group
view.
• Configure authorization attributes according to the application environments and purposes.
Support for authorization attributes depends on the service types of users.
ï‚¡ For LAN and portal users, only the following authorization attributes are effective: acl,
user-profile, and vlan.
ï‚¡ For HTTP and HTTPS users, only the authorization attribute user-role is effective.
ï‚¡ For Telnet and terminal users, only the following authorization attributes are effective:
idle-cut and user-role.
ï‚¡ For SSH users, only the following authorization attributes are effective: idle-cut, user-role,
and work-directory.
ï‚¡ For FTP users, only the following authorization attributes are effective: user-role and
work-directory.
ï‚¡ For other types of local users, no authorization attribute is effective.
• Configure the location binding attribute based on the service types of users.
ï‚¡ For 802.1X users, specify the 802.1X-enabled Layer 2 Ethernet interfaces through which
the users access the device.
ï‚¡ For MAC authentication users, specify the MAC authentication-enabled Layer 2 Ethernet
interfaces through which the users access the device.
ï‚¡ For portal users, specify the portal-enabled interfaces through which the users access the
device. Specify the Layer 2 Ethernet interfaces if portal is enabled on VLAN interfaces and
the portal roaming enable command is not configured.
To configure local user attributes:
1. Enter system view.
system-view
N/A
2. Add a local user and enter
local user view.
local-user
user-name [
class
{
manage
|
network
} ]
By default, no local user exists.
3. (Optional.)
Configure a
password for the local
user.
• For a network access user:
password { cipher | simple }
password
•
user:
ï‚¡ In non-FIPS mode:
password [ { hash |
simple } password ]
ï‚¡ In FIPS mode:
Network access user passwords are
encrypted with the encryption
algorithm and saved in ciphertext.
passwords are encrypted with the
hash algorithm and saved in
ciphertext.
In non-
non-password-
protected user
passes authentication if the user
To Next Page
Loading...
Need help?
General