R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
Configuring AAA schemes
Configuring local users
To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the device. The local users and attributes are stored in the local user
database on the device. A local user is uniquely identified by a username. Configurable local user
attributes are as follows:
• Service type
The types of the services that the user can use. Local authentication checks the service types of a local user.
If none of the service types is available, the user cannot pass authentication.
Service types include FTP, Portal, PPP, SSH, Telnet and Terminal.
• User state
Indicates whether or not a local user can request network services. There are two user states: active and
blocked. A user in the active state can request network services, but a user in the blocked state cannot.
• Maximum number of users using the same local user account
Indicates how many users can use the same local user account for local authentication.
• User group
Each local user belongs to a local user group and bears all attributes of the group, such as the password
control attributes and authorization attributes. For more information about local user groups, see
“Configuring user group attributes.”
• Binding attributes
Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for the
local user account, the user cannot pass authentication. Binding attributes include the ISDN calling
number, IP address, access port, MAC address, and native VLAN. For more information about binding
attributes, see “Configuring local user attributes.” Be cautious when deciding which binding attributes to
configure for a local user.
• Authorization attributes
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user role, user
profile, VLAN, and FTP/SFTP work directory. For more information about authorization attributes, see
“Configuring local user attributes.”
Every configurable authorization attribute has its own application environments and purposes. When
configuring authorization attributes for a local user, consider which attributes are needed and which are
not. For example, for PPP users, you do not need to configure the work directory attribute.
You can configure an authorization attribute in user group view or local user view to make the attribute
effective for all local users in the group or for only the local user. The setting of an authorization attribute
in local user view takes precedence over that in user group view.
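The checks and the precedence rule described above, modeled in Python as an added example (not HP's code and not the device's actual implementation). The order of the checks, the session counter used for the access limit, and attribute keys such as `user_level` and `idle_cut_minutes` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class UserGroup:
    name: str
    authorization: dict = field(default_factory=dict)

@dataclass
class LocalUser:
    name: str
    group: UserGroup
    service_types: set
    state: str = "active"                # "active" or "blocked"
    access_limit: Optional[int] = None   # None: no limit set (assumption)
    binding: dict = field(default_factory=dict)
    authorization: dict = field(default_factory=dict)
    sessions: int = 0                    # current logins (model only)

def authenticate(user, service, attrs):
    """Return (True, effective authorization) or (False, reason)."""
    if user.state != "active":
        return False, "user blocked"
    if service not in user.service_types:
        return False, "service type not available"
    if user.access_limit is not None and user.sessions >= user.access_limit:
        return False, "access limit reached"
    for key, want in user.binding.items():   # every bound attribute must match
        if attrs.get(key) != want:
            return False, f"binding mismatch: {key}"
    user.sessions += 1
    # Group attributes are inherited; the local user's own settings override them.
    return True, {**user.group.authorization, **user.authorization}

def demo():
    # Constructed sample data: hypothetical group, user, and addresses.
    ops = UserGroup("ops", {"user_level": 1, "idle_cut_minutes": 10})
    alice = LocalUser("alice", ops, {"ssh"}, access_limit=1,
                      binding={"ip": "192.0.2.10"},
                      authorization={"user_level": 3})
    bound = {"ip": "192.0.2.10"}
    return [authenticate(alice, "telnet", bound),
            authenticate(alice, "ssh", {"ip": "198.51.100.7"}),
            authenticate(alice, "ssh", bound),
            authenticate(alice, "ssh", bound)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call shows why binding attributes need care: a correct account used from an address other than the bound one is rejected.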
Local user configuration task list
Task | Remarks
Configuring local user attributes | Required