Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
Huawei Technologies Proprietary
Operation: Authorize the user to access the specified type(s) of service(s)
Command: service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] }
Description: Required. By default, the system does not authorize the user to access any service.

Operation: Set the priority level of the user
Command: level level
Description: Optional. By default, the priority level of the user is 0.

Operation: Set the attributes of the user whose service type is lan-access
Command: attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port port-number } }*
Description: Optional. If the user is bound to a remote port, you must specify the nas-ip parameter (the following ip-address is 127.0.0.1 by default, representing this device). If the user is bound to a local port, you do not need to specify the nas-ip parameter.

Caution:
- The character string of user-name cannot contain “/”, “:”, “*”, “?”, “<” and “>”. Moreover, “@” can be used no more than once.
- After the local-user password-display-mode cipher-force command is executed, all passwords will be displayed in cipher mode even though you specify to display user passwords in plain text by using the password command.
- If the configured authentication method (local or RADIUS) requires a user name and a password, the command level that a user can access after login is determined by the priority level of the user. For SSH users, when they use RSA shared keys for authentication, the commands they can access are determined by the levels set on their user interfaces.
- If the configured authentication method is none or requires a password, the command level that a user can access after login is determined by the level of the user interface.
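
The commands in the table above used together, as an added example that is not taken from the manual: one management user restricted to SSH at level 1, and one lan-access user bound to a single IP address, MAC address and VLAN. The user names, addresses, the <PASSWORD> placeholder and the Quidway prompts are assumptions; system-view, local-user user-name, password cipher and quit are standard commands on this platform that this page does not list.

```text
# Constructed example; names, addresses and <PASSWORD> are placeholders.
<Quidway> system-view

# Management user: authorized for SSH only, at command level 1.
[Quidway] local-user netops
[Quidway-luser-netops] password cipher <PASSWORD>
[Quidway-luser-netops] service-type ssh level 1
[Quidway-luser-netops] quit

# Network-access user: lan-access only, bound to one IP address, one MAC
# address and one VLAN, with access-limit 1 and idle-cut 300.
[Quidway] local-user host1
[Quidway-luser-host1] password cipher <PASSWORD>
[Quidway-luser-host1] service-type lan-access
[Quidway-luser-host1] attribute ip 192.0.2.10 mac 0000-5e00-5301 idle-cut 300 access-limit 1 vlan 10
[Quidway-luser-host1] quit
```

Because no service is authorized by default, each user can use only the service type given in its service-type command.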