R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

level configured for the user interface. For more information about user interface authentication

mode and user interface command level, see Fundamentals Configuration Guide.

• You can configure the user profile authorization attribute in local user view, user group view, and ISP

domain view. The setting in local user view has the highest priority, and that in ISP domain view has

the lowest priority. For more information about user profiles, see "Configuring user profiles."

• You cannot delete a local user who is the only security log manager in the system, nor can you

change or delete the security log manager role of the user. To do so, you must specify a new security

log manager first.

To configure local user attributes:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Add a local user and enter

local user view.

local-user user-name By default, no local user exists.

3. Configure a password for

the local user.

password [[ hash ] { cipher |

simple } password ]

Optional.

A local user with no password

configured directly passes

authentication after providing the valid

local username and attributes. To

enhance security, configure a

password for each local user.

This command is not supported in FIPS

mode. To configure a local user

password in FIPS mode, use the

password-control command.

4. Assign service types for the

local user.

service-type { dvpn | ftp |

lan-access | { ssh | telnet |

terminal } * | portal | ppp }

By default, no service is authorized to a

local user.

The lan-access keyword is supported

only on SAP interface modules that are

operating in Layer 2 mode.

The ftp and telnet keywords are not

supported in FIPS mode.

5. Place the local user to the

active or blocked state.

state { active | block }

Optional.

By default, a created local user is in

active state and can request network

services.

6. Set the maximum number

of concurrent users of the

local user account.

access-limit max-user-number

Optional.

By default, there is no limit to the

maximum number of concurrent users

of a local user account.

The limit is effective only for local

accounting, and is not effective for FTP

users.