R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

21

Ste

p

Command

Remarks

10. (Optional.) Configure

binding attributes for the

local user.

bind-attribute { call-number

call-number [ : subcall-number ] | ip

ip-address | location interface

interface-type interface-number |

mac mac-address | vlan vlan-id } *

By default, no binding attribute is

configured for a local user.

Binding attribute call-number applies

only to PPP users.

Binding attribute ip applies only to

LAN users using 802.1X.

Binding attributes location, mac, and

vlan apply only to LAN users.

11. (Optional.) Configure

authorization attributes for

the local user.

authorization-attribute { acl

acl-number | callback-number

callback-number | idle-cut minute |

user-role role-name | vlan vlan-id |

work-directory directory-name } *

The following default settings apply:

• The ACL, idle timeout period, and

VLAN authorization attributes are

not configured for local users.

• FTP, SFTP, and SCP users have the

root directory of the NAS set as

the working directory. However,

the users do not have permission

to access the root directory.

• The network-operator user role is

assigned to local users that are

created by a network-admin or

level-15 user.

12. (Optional.) Configure

password control attributes

for the local user.

• Set the password aging time:

password-control aging

aging-time

• Set the minimum password

length:

password-control length length

• Configure the password

composition policy:

password-control composition

type-number type-number

[ type-length type-length ]

• Configure the password

complexity checking policy:

password-control complexity

{ same-character | user-name }

check

• Configure the maximum login

attempts and the action to take if

there is a login failure:

password-control login-attempt

login-times [ exceed { lock |

lock-time time | unlock } ]

By default, the local user uses

password control attributes of the

user group to which the local user

belongs.

Only device management users

support the password control feature.

13. (Optional.) Assign the local

user to a user group.

group group-name

By default, a local user belongs to the

default user group system.

Configuring user group attributes

User groups simplify local user configuration and management. A user group contains a group of local

users and has a set of local user attributes. You can configure local user attributes for a user group to