R2511-HP MSR Router Series Security Command Reference (V5)

Parameters
acl acl-number: Specifies the authorization ACL. The ACL number is in the range of 2000 to 5999. After
passing authentication, a local user is authorized to access the network resources specified by this ACL.
callback-number callback-number: Specifies the authorized PPP callback number. The callback-number
argument is a case-sensitive string of 1 to 64 characters. After a local user passes authentication, the
device uses this number to call the user.
idle-cut minute: Sets the idle timeout period. With the idle cut function enabled, an online user whose idle
period exceeds the specified idle timeout period is logged out. The minute argument indicates the idle
timeout period in the range of 1 to 120 minutes.
level level: Specifies the user level, which can be 0 for visit level, 1 for monitor level, 2 for system level,
and 3 for manage level. A smaller number means a lower level. This parameter determines the command
level for login users whose user interfaces perform AAA authentication. By default, the user level is 0, and
users can use only commands of level 0 after login.
user-profile profile-name: Specifies the authorization user profile. The profile-name argument is a
case-sensitive string of 1 to 32 characters. It can contain letters, digits, and underscores (_), and must
start with a letter. After a user passes authentication and gets online, the device uses the settings in the
user profile to restrict the access behavior of the user. For more information about user profiles, see
Security Configuration Guide.
user-role: Specifies the role for the local user. This keyword is available only in local user view. Users
with different roles can access different sets of commands. If you specify no role for a local user, the
access rights of the user after login depend on the other authorization attributes. Supported roles include:
guest: A guest user account is usually created through the Web interface.
guest-manager: An authenticated guest manager can manage guest user accounts on Web pages.
security-audit: An authenticated security log administrator can manage security log files. The
commands that a security log administrator can use are described in the information center
commands. For more information, see Network Management and Monitoring Command
Reference.
vlan vlan-id: Specifies the authorized VLAN. The value range for the vlan-id argument is 1 to 4094. After
passing authentication, a local user can access the resources in this VLAN.
work-directory directory-name: Specifies the work directory for users of the FTP or SFTP service. The
directory-name argument is a case-insensitive string of 1 to 135 characters. The directory must already
exist. By default, an FTP or SFTP user can access the root directory of the device, so set a work directory
whenever the user should be confined to a subtree of the file system.
Usage guidelines
Each authorization attribute applies only to certain service types and access scenarios (for example,
callback-number applies to PPP users and work-directory to FTP and SFTP users). Consider the service
types of the users before assigning authorization attributes.
Authorization attributes configured for a user group are effective for all local users in the group. You can
group local users to improve configuration and management efficiency.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view. If an authorization attribute is configured in user group view but not in
local user view, the setting in user group view takes effect.
To make sure that FTP and SFTP users can access the directory after a switchover between the main card
and the backup card, do not specify slot information for the work directory.
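The following configuration session, added here as an illustration and not taken from the original command reference, shows the precedence rule above in practice: a user group carries the shared attributes, one member inherits them unchanged, and a second member overrides the user level and adds an FTP work directory whose path names only the storage medium (no slot prefix). The group name netops, the user names ops1 and ops2, the directory flash:/ftpusers/ops2, the view prompts and the placeholder passwords are assumptions for the example; replace the passwords before use.

```text
<Router> system-view
# Shared attributes: monitor-level (2) commands and a 15-minute idle cut.
[Router] user-group netops
[Router-ugroup-netops] authorization-attribute level 2
[Router-ugroup-netops] authorization-attribute idle-cut 15
[Router-ugroup-netops] quit
# ops1 sets no attributes of its own, so the group settings (level 2, idle-cut 15) take effect.
[Router] local-user ops1
[Router-luser-ops1] password simple Ops1-Placeholder-Pw
[Router-luser-ops1] service-type ssh
[Router-luser-ops1] group netops
[Router-luser-ops1] quit
# ops2 overrides the level (local user view wins) but still inherits idle-cut 15 from the group.
# The work directory must already exist; it is given without slot information so it survives
# a main/backup card switchover.
[Router] local-user ops2
[Router-luser-ops2] password simple Ops2-Placeholder-Pw
[Router-luser-ops2] service-type ssh ftp
[Router-luser-ops2] group netops
[Router-luser-ops2] authorization-attribute level 3
[Router-luser-ops2] authorization-attribute work-directory flash:/ftpusers/ops2
[Router-luser-ops2] quit
# Verify the effective attributes of each account.
[Router] display local-user user-name ops1
[Router] display local-user user-name ops2
```

After applying the configuration, confirm in the display local-user output that ops1 reports level 2 and ops2 reports level 3 with the idle-cut value from the group; a level-3 (manage) account should be granted only where the user genuinely needs to change the device configuration, since the default level 0 allows nothing beyond visit-level commands.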