R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

Step 6. Set the maximum number of concurrent users of the local user account.
  Command:
    access-limit max-user-number
  Remarks:
    Optional.
    By default, there is no limit to the maximum number of concurrent users of a local user account.
    The limit is effective only for local accounting, and is not effective for FTP users.

Step 7. Configure password control attributes for the local user.
  Command:
    - Set the password aging time:
      password-control aging aging-time
    - Set the minimum password length:
      password-control length length
    - Configure the password composition policy:
      password-control composition type-number type-number [ type-length type-length ]
  Remarks:
    Optional.
    By default, the local user uses password control attributes of the user group to which the local user belongs, and uses the global setting for any password control attribute that is not configured in the user group. The global settings include a 90-day password aging time, a minimum password length of 10 characters, and at least one password composition type and at least one character required for each password composition type.
    The minimum password length is 8 characters.
    In FIPS mode, the value of the type-number argument must be 4.

Step 8. Configure binding attributes for the local user.
  Command:
    bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } *
  Remarks:
    Optional.
    By default, no binding attribute is configured for a local user.

Step 9. Configure authorization attributes for the local user.
  Command:
    authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } *
  Remarks:
    Optional.
    By default, no authorization attribute is configured for a local user.
    - For PPP users, only acl, callback-number, idle-cut, and user-profile are supported.
    - For LAN and portal users, only acl, idle-cut, user-profile, and vlan are supported.
    - For SSH, terminal, and Web users, only level is supported. Only the 6602 router supports Web users.
    - For FTP users, only level and work-directory are supported.
    - For Telnet users, only level and user-role are supported.
    - For other types of local users, no authorization attribute is supported.
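
The following audit sketch is an added example, not part of the HP guide: it parses a saved configuration and flags local users whose explicit step 6 and step 7 settings are weaker than the global defaults quoted above, or invalid in FIPS mode. The sample configuration is constructed, and the "local-user <name>" header lines and the choice of the global defaults as the baseline are assumptions of the example.

```python
import re

# Baseline = the global defaults quoted in the guide (90-day aging, length 10).
BASE_AGING, BASE_LENGTH, FIPS_TYPES = 90, 10, 4

# Constructed sample config; the "local-user <name>" header lines are assumed.
SAMPLE = """\
local-user netops
 access-limit 2
 password-control aging 180
 password-control length 8
 password-control composition type-number 2 type-length 1
local-user audit
 password-control composition type-number 4 type-length 2
"""

PATTERNS = {
    "access-limit": re.compile(r"access-limit (\d+)"),
    "aging": re.compile(r"password-control aging (\d+)"),
    "length": re.compile(r"password-control length (\d+)"),
    "type-number": re.compile(r"password-control composition type-number (\d+)"),
}

def parse_local_users(text):
    """Map each local user to the numeric settings explicitly configured."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"local-user (\S+)", line)
        if header:
            current = users.setdefault(header.group(1), {})
            continue
        if current is None:
            continue  # ignore lines outside any local-user block
        for key, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                current[key] = int(m.group(1))
    return users

def audit(users, fips=False):
    """Return (user, finding) pairs for explicit settings weaker than baseline."""
    findings = []
    for name, cfg in users.items():
        if "access-limit" not in cfg:
            findings.append((name, "no access-limit: concurrent logins unlimited"))
        if cfg.get("aging", BASE_AGING) > BASE_AGING:
            findings.append((name, f"aging {cfg['aging']} days exceeds {BASE_AGING}"))
        if cfg.get("length", BASE_LENGTH) < BASE_LENGTH:
            findings.append((name, f"length {cfg['length']} below {BASE_LENGTH}"))
        if fips and cfg.get("type-number", FIPS_TYPES) != FIPS_TYPES:
            findings.append((name, f"type-number {cfg['type-number']} invalid in FIPS mode"))
    return findings
```

Settings a user does not configure are inherited from the user group or the global policy, so the audit reports only values set explicitly on the account.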