3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

896 CHAPTER 70: AAA, RADIUS AND HWTACACS CONFIGURATION

n

■ With the local-user password-display-mode cipher-force command

configured, the password is always displayed in cipher text, regardless of the

configuration of the password command.

Specify the

service

types for

the user

Specify the service

types for the user

service-type { lan-access | {

ssh | telnet | terminal }* [

level level ] }

Required

No service is authorized to a

user by default

Authorize the

user to use the

FTP service

service-type ftp Optional

By default, no service is

authorized to a user and

anonymous access to FTP

service is not allowed. If you

authorize a user to use the

FTP service but do not specify

a directory that the user can

access, the user can access

the root directory of the

device by default.

Set the directory

accessible to

FTP/SFTP users

work-directory

directory-name

Optional

By default, FTP/SFTP users can

access the root directory.

Authorize the

user to use the

PPP service and

configure the

callback attribute

and caller number

service-type ppp [

call-number call-number [ :

subcall-number ] |

callback-nocheck |

callback-number

callback-number ]

Optional

By default, no service is

authorized to a user and, if

the PPP service is authorized,

callback without

authentication is enabled, no

callback number is specified,

and the system does not

authenticate the caller

number of ISDN users.

Set the callback

attributes and

calling number

attributes for PPP

users

service-type ppp [

call-number call-number [ :

subcall-number ] |

callback-nocheck |

callback-number

callback-number ]

Optional

By default, the system does

not authorize users to use

any service. By default, no

authentication will be

performed for callback, no

callback number will be set,

and no calling number will be

authenticated for ISDN users

if users are authorized to use

the PPP service.‘

Set the priority level of the user level level Optional

0 by default

Set attributes for a LAN access

user

attribute { access-limit

max-user-number | idle-cut

minute | ip ip-address |

location { nas-ip ip-address

port slot-number

subslot-number port-number

| port slot-number

subslot-number port-number

} | mac mac-address | vlan

vlanid } *

Optional

If the specified user is bound

to a remote port, you must

specify the nas-ip (127.0.0.1

by default, indicating the

local device) keyword for the

user. If the user is bound to a

local port, you need not

specify the nas-ip keyword.

To do... Use the command... Remarks