R21xx-HP FlexFabric 11900 Security Configuration Guide

Step 4. Assign services for the local user.
  Command:
    In non-FIPS mode:
      service-type { ftp | { ssh | telnet | terminal } * }
    In FIPS mode:
      service-type { ssh | terminal } *
  Remarks:
    By default, no service is authorized to a local user.

Step 5. (Optional.) Place the local user in the active or blocked state.
  Command:
    state { active | block }
  Remarks:
    By default, a created local user is in active state and can request network services.

Step 6. (Optional.) Configure authorization attributes for the local user.
  Command:
    authorization-attribute { acl acl-number | idle-cut minute | user-role role-name | vlan vlan-id | work-directory directory-name } *
  Remarks:
    By default, no authorization attribute is configured for a local user.
    For Telnet and terminal users, only the setting for user-role takes effect.
    For SSH and FTP users, only the settings for user-role and work-directory take effect.

Step 7. (Optional.) Configure password control attributes for the local user.
  Command:
    Set the password aging time:
      password-control aging aging-time
    Set the minimum password length:
      password-control length length
    Configure the password composition policy:
      password-control composition type-number type-number [ type-length type-length ]
  Remarks:
    Optional.
    By default, the local user uses password control attributes of the user group to which the local user belongs.
    The commands take effect only on device management users.

Step 8. (Optional.) Assign the local user to a user group.
  Command:
    group group-name
  Remarks:
    By default, a local user belongs to the default user group system.
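
The defaults and restrictions in steps 4 to 7 can be checked offline against saved configuration text. The following auditor is an added example, not part of the HP guide; the "local-user <name>" stanza header, the indentation, and the user, role and directory names in the sample are assumptions made for illustration.

```python
import re

FIPS_SERVICES = {"ssh", "terminal"}   # service-type choices in FIPS mode
WORKDIR_SERVICES = {"ssh", "ftp"}     # services for which work-directory takes effect
# Constructed sample. The stanza header and indentation are an assumed layout;
# the indented commands are the ones listed in steps 4 to 7.
SAMPLE = """\
local-user ops
 service-type ssh terminal
 authorization-attribute user-role network-operator
 password-control length 12
local-user legacy
 service-type ftp telnet
 authorization-attribute idle-cut 10 work-directory flash:/
local-user console
 service-type terminal
 authorization-attribute user-role network-admin work-directory flash:/
 state block
local-user empty
"""

def parse_local_users(text):
    """Return {user: [tokenized command, ...]} for each local-user stanza."""
    users, current = {}, None
    for line in text.splitlines():
        m = re.match(r"local-user\s+(\S+)", line)
        if m:
            current = users.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" ") and line.strip():
            current.append(line.split())
        else:
            current = None
    return users

def audit(text):
    """Return {user: [findings]} derived from the defaults stated in the table."""
    report = {}
    for user, cmds in parse_local_users(text).items():
        services = {s for c in cmds if c[0] == "service-type" for s in c[1:]}
        # authorization-attribute takes keyword/value pairs: keywords sit at odd positions
        attrs = {k for c in cmds if c[0] == "authorization-attribute" for k in c[1::2]}
        effective = {"user-role"} | ({"work-directory"} if services & WORKDIR_SERVICES else set())
        out = [] if services else ["no service authorized"]
        out += [f"{s} unavailable in FIPS mode" for s in sorted(services - FIPS_SERVICES)]
        out += [f"{a} has no effect" for a in sorted(attrs - effective)]
        out += ["blocked"] if ["state", "block"] in cmds else []
        if not any(c[0] == "password-control" for c in cmds):
            out.append("password control inherited from user group")
        report[user] = out
    return report
if __name__ == "__main__": print(audit(SAMPLE))
```
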
Configuring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
centrally manage the attributes of the local users in the group. Local user attributes
that are manageable include authorization attributes.
By default, every newly added local user belongs to the default user group system and bears all attributes
of the group. To assign a local user to a different user group, use the user-group command in local user
view.
To configure user group attributes:
Step 1. Enter system view.
  Command:
    system-view
  Remarks:
    N/A

Step 2. Create a user group and enter its view.
  Command:
    user-group group-name
  Remarks:
    By default, there is a system predefined user group named system, which is the default user group.