H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-21
To do… Use the command… Remarks
Place the local user to the
state of active or blocked
state { active | block }
Optional
When created, a local
user is in the state of
active by default, and
the user can request
network services.
LAN access,
Telnet,
terminal, SSH
services
service-type { lan-access
| { ssh | telnet | terminal } *
[ level level ] }
Optional
No service is authorized
to a user by default
Specify
the
service
types for
the user
FTP service
service-type ftp
[ ftp-directory directory]
Optional
By default, no service is
authorized to a user and
anonymous access to
FTP service is not
allowed. If you authorize
a user to use the FTP
service but do not
specify a directory that
the user can access, the
user can access the root
directory of the device
by default.
Set the directory
accessible to FTP/SFTP
users
work-directory
directory-name
Optional
By default, FTP/SFTP
users can access the
root directory.
Set the priority level of the
user
level level
Optional
0 by default
Set attributes for a LAN
access user
attribute { access-limit
max-user-number |
idle-cut minute | ip
ip-address | location
{ nas-ip ip-address port
slot-number
subslot-number
port-number | port
slot-number
subslot-number
port-number } | mac
mac-address | vlan
vlan-id } *
Optional
If the user is bound to a
remote port, the nas-ip
parameter must be
specified. If the user is
bound to a local port, the
nas-ip parameter does
not need to be specified.
The default value of
nas-ip is 127.0.0.1,
meaning the current
host.