Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
41424344454647484950
35
location interface interface-type interface-number: Specifies the interface to which the user is bound. The
interface-type argument represents the interface type, and the interface-number argument represents the
interface number. To pass authentication, the user must access the network through the bound interface.
mac mac-address: Specifies the MAC address of the user in the format H-H-H.
vlan vlan-id: Specifies the VLAN to which the user belongs. The vlan-id argument is in the range of 1 to
4094.
Usage guidelines
Binding attributes are checked upon authentication of a local user. If the local user has a non-matching
attribute or lacks a required attribute, user authentication fails.
When you configure binding attributes for a local user, verify the following items:
The device can obtain from the user's packet all attributes for checking. For example, you can
configure an IP address binding for an 802.1X user, because 802.1X authentication can include the
user's IP address in the packet. However, you cannot configure IP address bindings for MAC
authentication users, because MAC authentication does not use IP addresses.
The binding interface type must meet the requirements of the local user. For example, you can bind
an 802.1X user to a physical port. If you bind the 802.1X user to a logical interface (for example,
a VLAN interface), the user will fail the local authentication.
Examples
# Bind IP address 3.3.3.3 with the network access user abc.
<Sysname> system-view
[Sysname] local-user abc class network
[Sysname-luser-network-abc] bind-attribute ip 3.3.3.3
Related commands
display local-user
display local-user
Use display local-user to display the local user configuration and online user statistics.
Syntax
display local-user [ class { manage | network } | idle-cut { disable | enable } | service-type { ftp |
lan-access | portal | ppp | ssh | telnet | terminal } | state { active | block } | user-name user-name |
vlan vlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
class: Specifies the local user type.
manage: Device management user.
network: Network access user.
idle-cut { disable | enable }: Specifies local users with the idle cut function disabled or enabled.