R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

111

112

113

114

115

116

117

118

119

120

104

Every configurable authorization attribute has its definite application environments and purposes.

Consider the service types of users when assigning authorization attributes.

Authorization attributes configured for a user group are effective for all local users in the group. You can

group local users to improve configuration and management efficiency.

An authorization attribute configured in local user view takes precedence over the same attribute

configured in user group view. If an authorization attribute is configured in user group view but not in

local user view, the setting in user group view takes effect.

If only one user is playing the role of security log administrator in the system, you cannot delete the user

account, or remove or change the user's role, unless you configure another user as a security log

administrator first.

A local user can play only one role at a moment. If you perform the role configuration repeatedly, only

the last role configuration takes effect.

Examples

# Configure the authorized VLAN of local user abc as VLAN 2.

<Sysname> system-view

[Sysname] local-user abc

[Sysname-luser-abc] authorization-attribute vlan 2

# Configure the authorized VLAN of user group abc as VLAN 3.

<Sysname> system-view

[Sysname] user-group abc

[Sysname-ugroup-abc] authorization-attribute vlan 3

bind-attribute

Syntax

bind-attribute call-number call-number [ : subcall-number ]

undo bind-attribute call-number

View

Local user view

Default level

3: Manage level

Parameters

call-number call-number: Specifies a calling number for ISDN user authentication. The call-number

argument is a string of 1 to 64 characters. This option applies only to PPP users.

subcall-number: Specifies the sub-calling number. The total length of the calling number and the

sub-calling number cannot be more than 62 characters.

Description

Use bind-attribute to configure binding attributes for a local user.

Use undo bind-attribute to remove binding attributes of a local user.

By default, no binding attribute is configured for a local user.

Binding attributes are checked upon authentication of a local user. If the binding attributes of a local user

do not match the configured ones, the user fails the checking and the authentication.