Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
51525354555657585960
40
Authorization attributes configured for a user group are effective for all local users in the group. You can
group local users to improve configuration and management efficiency.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view. If an authorization attribute is configured in user group view but not in
local user view, the setting in user group view takes effect.
To make sure that FTP and SFTP users can access the directory after a switchover between the main MPU
and the backup MPU, do not specify slot information for the work directory.
If only one user is playing the role of security log administrator in the system, you cannot delete the user
account or remove or change the user's role, unless you first configure another user as a security log
administrator.
A local user can play only one role at a time. If you perform the role configuration repeatedly, only the
last role configuration takes effect.
Examples
# Configure the authorized VLAN of local user abc as VLAN 2.
<Sysname> system-view
[Sysname] local-user abc
[Sysname-luser-abc] authorization-attribute vlan 2
# Configure the authorized VLAN of user group abc as VLAN 3.
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
bind-attribute
Use bind-attribute to configure binding attributes for a local user.
Use undo bind-attribute to remove binding attributes of a local user.
Syntax
bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number
subslot-number port-number | mac mac-address | vlan vlan-id } *
undo bind-attribute { call-number | ip | location | mac | vlan } *
Default
No binding attribute is configured for a local user.
Views
Local user view
Default command level
3: Manage level
Parameters
call-number call-number: Specifies a calling number for ISDN user authentication. The call-number
argument is a string of 1 to 64 characters. This option applies only to PPP users.
subcall-number: Specifies the sub-calling number. The total length of the calling number and the
sub-calling number cannot be more than 62 characters.