R2511-HP MSR Router Series Security Configuration Guide(V5)
24
To configure local user attributes:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Add a local user and enter
local user view.
local-user user-name By default, a local user exists.
3. Configure a password for
the local user.
• In non-FIPS mode:
password [ [ hash ] { cipher |
simple } password ]
• In FIPS mode:
password
Optional.
A local user with no password
configured directly passes
authentication after providing the valid
local username and attributes. To
enhance security, configure a
password for each local user.
If you do not specify any parameter,
you enter the interactive mode to set a
plaintext password string. The
interactive mode is available only on
devices that support the password
control feature.
In FIPS mode, you can configure a
password only in interactive mode.
4. Assign service types to the
local user.
• In non-FIPS mode:
service-type { dvpn | ftp |
lan-access | { pad | ssh |
telnet | terminal } * | portal |
ppp | web }
• In FIPS mode:
service-type { lan-access |
{ ssh | terminal } * | portal |
ppp | web }
By default, no service is authorized to a
local user.
The ftp and telnet keywords are not
supported in FIPS mode.
5. Place the local user to the
active or blocked state.
state { active | block }
Optional.
By default, a created local user is in
active state and can request network
services.
6. Set the maximum number
of concurrent users of the
local user account.
access-limit max-user-number
Optional.
By default, there is no limit to the
maximum number of concurrent users
of a local user account.
The limit is effective only on local
accounting, and is not effective on FTP
users.