2-7
The local users are users set on the switch, with each user uniquely identified by a username. To make
a user who is requesting network service pass local authentication, you should add an entry in the local
user database on the switch for the user.
Follow these steps to configure the attributes of a local user:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Set the password display mode
of all local users
local-user
password-display-mode
{
cipher-force
|
auto
}
Optional
By default, the password
display mode of all access
users is
auto
, indicating the
passwords of access users are
displayed in the modes set by
the
password
command.
Add a local user and enter local
user view
local-user user-name
Required
By default, there is no local
user in the system.
Set a password for the local
user
password
{
simple
|
cipher
}
password
Required
Set the status of the local user
state
{
active
|
block
}
Optional
By default, the user is in
active
state, that is, the user is
allowed to request network
services.
Authorize the user to access
specified type(s) of service
service-type
{
ftp
|
lan-access
|
{
telnet
|
ssh
|
terminal
}*
[
level level
] }
Required
By default, the system does not
authorize the user to access
any service.
Set the privilege level of the
user
level level
Optional
By default, the privilege level of
the user is 0.
Configure the authorized VLAN
for the local user
authorization vlan string
Required
By default, no authorized VLAN
is configured for the local user.
Set the attributes of the user
whose service type is
lan-access
attribute
{
ip ip-address
|
mac
mac-address
|
idle-cut
second
|
access-limit
max-user-number
|
vlan vlan-id
|
location
{
nas-ip ip-address
port port-number
|
port
port-number
} }*
Optional
When binding the user to a
remote port, you must use
nas-ip
ip-address
to specify a
remote access server IP
address (here,
ip-address
is
127.0.0.1 by default,
representing this device).
When binding the user to a
local port, you need not use
nas-ip
ip-address
.