3Com Switch 4200G Configuration Guide

178 CHAPTER 23: AAA&RADIUS CONFIGURATION
Configuring the Attributes of a Local User
When the local scheme is chosen as the AAA scheme, you should create local users on
the switch and configure the relevant attributes.
Local users are users defined on the switch, each uniquely identified by a
user name. For a user who is requesting network service to pass local
authentication, you should add an entry for that user to the local user database on
the switch.
CAUTION:
After the local-user password-display-mode cipher-force command is
executed, all passwords are displayed in cipher mode even though you specify
that user passwords be displayed in plain text by using the password command.
If the configured authentication method (local or RADIUS) requires a user name
and a password, the command level that a user can access after login is
determined by the priority level of the user. For SSH users, when they use RSA
shared keys for authentication, the commands they can access are determined by
the levels set on their user interfaces.
Table 140 Configure the attributes of a local user

Operation: Enter system view
Command: system-view

Operation: Add a local user and enter local user view
Command: local-user user-name
Description: Required. By default, there is no local user in the system.

Operation: Set a password for the specified user
Command: password { simple | cipher } password
Description: Optional.

Operation: Set the password display mode of all local users
Command: local-user password-display-mode { cipher-force | auto }
Description: Optional. By default, the password display mode of all access users is auto, indicating the passwords of access users are displayed in the modes set with the password command.

Operation: Set the state of the specified user
Command: state { active | block }
Description: Optional. By default, the local users are in the active state once they are created, that is, they are allowed to request network services.

Operation: Authorize the user to access the specified type(s) of service(s)
Command: service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] }
Description: Required. By default, the system does not authorize the user to access any service.

Operation: Set the priority level of the user
Command: level level
Description: Optional. By default, the priority level of the user is 0.

Operation: Set the attributes of the user whose service type is lan-access
Command: attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port port-number } }*
Description: Optional. If the user is bound to a remote port, you must specify the nas-ip parameter (the following ip-address is 127.0.0.1 by default, representing this device). If the user is bound to a local port, you do not need to specify the nas-ip parameter.
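
The following Python script is an added example, not part of the 3Com guide. It audits local-user entries written with the commands in Table 140 and reports passwords set with simple, a display mode other than cipher-force, users with no service-type, and blocked accounts. The indented configuration layout and every user name and password in the sample are constructed assumptions.

```python
# Added example: audit local-user entries (Table 140 commands); sample input is constructed.
SAMPLE_CONFIG = """\
local-user password-display-mode auto
local-user netadmin
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh level 3
local-user helpdesk
 password simple Welcome123
 service-type telnet level 1
local-user dot1x-guest
 password simple guest
 service-type lan-access
local-user old-contractor
 state block
"""

def parse_local_users(config):
    """Return (display_mode, {user_name: [commands in that user's view]})."""
    display_mode, users, current = "auto", {}, None  # auto is the documented default
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("local-user password-display-mode"):
            display_mode, current = line.split()[-1], None
        elif line.startswith("local-user "):
            current = line.split()[1]
            users[current] = []
        elif raw.startswith(" ") and current is not None:
            users[current].append(line)  # indented line belongs to the open user
        else:
            current = None  # any other line closes the user entry
    return display_mode, users

def audit(config):
    """Return a sorted list of (subject, finding) tuples."""
    display_mode, users = parse_local_users(config)
    findings = []
    if display_mode != "cipher-force":
        findings.append(("global", "password-display-mode is not cipher-force"))
    for name, lines in users.items():
        if any(l.startswith("password simple") for l in lines):
            findings.append((name, "password set with 'simple'"))
        if not any(l.startswith("service-type") for l in lines):
            findings.append((name, "no service-type, user cannot access any service"))
        if "state block" in lines:
            findings.append((name, "account is blocked"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```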