R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101

Authorization attributes configured for a user group are effective for all local users in the group. You can
group local users to improve configuration and management efficiency.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view. If an authorization attribute is configured in user group view but not in
local user view, the setting in user group view takes effect.
To make sure that FTP and SFTP users can access the directory after a switchover between the main card
and the backup card, do not specify slot information for the work directory.
If only one user in the system has the security log administrator role, you cannot delete that user
account, or remove or change the user's role, unless you first configure another user as a security log
administrator.
A local user can have only one role at a time. If you configure the role more than once, only
the last role configuration takes effect.
Examples
# Configure the authorized VLAN of local user abc as VLAN 2.
<Sysname> system-view
[Sysname] local-user abc
[Sysname-luser-abc] authorization-attribute vlan 2
# Configure the authorized VLAN of user group abc as VLAN 3.
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
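The precedence rule described above, applied to the two example configurations, as an added Python example that is not part of the HP reference. The user-to-group mapping and the user def are constructed for illustration, and the parser assumes each attribute is a keyword followed by one value.

```python
import re

# Constructed input: the two CLI examples from this page, as one transcript.
TRANSCRIPT = """\
<Sysname> system-view
[Sysname] local-user abc
[Sysname-luser-abc] authorization-attribute vlan 2
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
"""

# Assumption (not from the page): users abc and def both belong to user group abc.
MEMBERSHIP = {"abc": "abc", "def": "abc"}

# The view prompt tells us whether a line was typed in local user or user group view.
LINE = re.compile(r"^\[[^\]]*-(luser|ugroup)-([^\]]+)\]\s+authorization-attribute\s+(.+)$")

def parse_attributes(transcript):
    """Return ({user: {attr: value}}, {group: {attr: value}})."""
    users, groups = {}, {}
    for line in transcript.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        view, name, args = m.groups()
        target = (users if view == "luser" else groups).setdefault(name, {})
        tokens = args.split()
        # Assumption: keyword/value pairs; a repeated keyword keeps the last value.
        for key, value in zip(tokens[0::2], tokens[1::2]):
            target[key] = value
    return users, groups

def effective(user, membership, users, groups):
    """Apply group settings first, then let local user settings override them."""
    merged = {}
    group = membership.get(user)
    for key, value in groups.get(group, {}).items():
        merged[key] = (value, "user-group " + group)
    for key, value in users.get(user, {}).items():
        merged[key] = (value, "local-user " + user)
    return merged

if __name__ == "__main__":
    users, groups = parse_attributes(TRANSCRIPT)
    for name in sorted(MEMBERSHIP):
        print(name, effective(name, MEMBERSHIP, users, groups))
```

Each effective value is reported with the view it came from, which makes it easy to spot users whose access is decided by a per-user override rather than by the group setting.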
bind-attribute
Syntax
bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port port-number | mac mac-address | vlan vlan-id } *
undo bind-attribute { call-number | ip | location | mac | vlan } *
View
Local user view
Default level
3: Manage level
Parameters
call-number call-number: Specifies a calling number for ISDN user authentication. The call-number
argument is a string of 1 to 64 characters. This keyword and argument combination applies only to
PPP users.
subcall-number: Specifies the sub-calling number. The total length of the calling number and the
sub-calling number cannot be more than 62 characters.
ip ip-address: Specifies the IP address of the user. This keyword and argument combination applies
only to 802.1X users.
location port port-number: Specifies the port to which the user is bound. The port-number argument is in
the range 0 to 1024. This keyword and argument combination applies only to LAN users.