R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

Ste

Command

Remarks

3. Configure authorization

attributes for the user group.

authorization-attribute { acl

acl-number | idle-cut minute | vlan

vlan-id | work-directory

directory-name } *

By default, no authorization

attribute is configured for a user

group.

4. (Optional.) Configure

password control attributes

for the user group.

• Set the password aging time:

password-control aging

aging-time

• Set the minimum password length:

password-control length length

• Configure the password

composition policy:

password-control composition

type-number type-number

[ type-length type-length ]

Optional.

By default, the user group uses

global settings, including a

90-day password aging time, a

minimum password length of 10

characters, and at least one

password composition type and

at least one character required

for each password composition

type. For more information about

password control commands, see

Security Command Reference.

Displaying and maintaining local users and local user groups

Execute display commands in any view.

Task Command

Display the local user

configuration and online user

statistics.

display local-user [ class { manage | network } | idle-cut { disable | enable }

| service-type { ftp | ssh | telnet | terminal } | state { active | block } |

user-name user-name | vlan vlan-id ]

Display the user group

configuration.

display user-group [ group-name ]

Configuring RADIUS schemes

A RADIUS scheme specifies the RADIUS servers that the device can cooperate with and defines a set of

parameters that the device uses to exchange information with the RADIUS servers, including the IP

addresses of the servers, UDP port numbers, shared keys, and server types.

Configuration task list

Tasks at a

lance

(Required.) Creating a RADIUS scheme

(Required.) Specifying the RADIUS authentication servers

(Optional.) Specifying the RADIUS accounting servers and the relevant parameters

(Optional.) Specifying the shared keys for secure RADIUS communication

(Optional.) Specifying a VPN for the scheme

(Optional.) Setting the username format and traffic statistics units

(Optional.) Setting the maximum number of RADIUS request transmission attempts

(Optional.) Setting the status of RADIUS servers