H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – AAA & RADIUS & HWTACACS & EAD
Chapter 1 AAA & RADIUS & HWTACACS Configuration
To do: Authorize the user to access the specified type(s) of service(s)
Use the command: service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] }
Remarks: Required. By default, the system does not authorize the user to access any service.

To do: Set the priority level of the user
Use the command: level level
Remarks: Optional. By default, the priority level of the user is 0.

To do: Set the attributes of the user whose service type is lan-access
Use the command: attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port port-number } }*
Remarks: Optional. If the user is bound to a remote port, you need to specify the nas-ip parameter (the following ip-address is 127.0.0.1 by default, representing this device). If the user is bound to a local port, the nas-ip keyword is not required.
Caution:
- The character string of user-name cannot contain “/”, “:”, “*”, “?”, “<” or “>”. Moreover, “@” can be used no more than once.
- After the local-user password-display-mode cipher-force command is executed, all the passwords will be displayed in cipher mode even if you have specified to display user passwords in plain text by using the password command.
- If the configured authentication method (local or RADIUS) requires a user name and a password, the command level that a user can access after login is determined by the priority level of the user. For SSH users, when they use RSA shared keys for authentication, the commands they can access are determined by the levels set on their user interfaces.
- If the configured authentication method is none or requires a password, the command level that a user can access after login is determined by the level of the user interface.
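The following session is an added example, not taken from the manual, showing the commands above used to create one narrowly scoped lan-access user and one low-privilege SSH user. The prompt name H3C, the user names, the MAC address, the VLAN ID, the timer and level values and the <password> placeholder are constructed sample values; lines starting with "#" are annotations and are not typed.

```text
# Enter system view and force cipher-mode display of all local-user passwords.
<H3C> system-view
[H3C] local-user password-display-mode cipher-force

# Network-access user: authorized for lan-access only, bound to one MAC
# address and one VLAN, limited to a single concurrent session, and
# disconnected after 300 seconds idle.
# The name avoids "/", ":", "*", "?", "<", ">" and uses no "@".
[H3C] local-user guest1
[H3C-luser-guest1] password cipher <password>
[H3C-luser-guest1] service-type lan-access
[H3C-luser-guest1] attribute mac 00e0-fc12-3456 idle-cut 300 access-limit 1 vlan 10
[H3C-luser-guest1] quit

# Management user: SSH is the only authorized login service, and the user
# is given level 1 instead of a higher command level.
[H3C] local-user monitor1
[H3C-luser-monitor1] password cipher <password>
[H3C-luser-monitor1] service-type ssh level 1
[H3C-luser-monitor1] quit
```

The level assigned to monitor1 takes effect only when the login is authenticated with a user name and password; with RSA key, password-only or none authentication, the level configured on the user interface applies, so that level needs to be reviewed as well.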