Configuring Aaa Schemes; Configuring Local Users - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Configuring AAA schemes
Configuring local users
To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the switch. The local users and attributes are stored in the local user database
on the switch. A local user is uniquely identified by a username. Configurable local user attributes are as
follows:
Service type.
•
Types of services that the user can use. Local authentication checks the service types of a local user.
If none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, portal, SSH, Telnet, terminal, and Web.
User state.
•
Indicates whether or not a local user can request network services. There are two user states: active
and blocked. A user in active state can request network services, but a user in blocked state
cannot.
Maximum number of users using the same local user account.
•
Indicates how many users can use the same local user account for local authentication.
•
Validity time and expiration time.
Indicates the validity time and expiration time of a local user account. A user must use a valid local
user account to pass local authentication. For temporary network access requirements, you can
create a guest account and specify a validity time and an expiration time for the account to control
the validity of the account.
User group.
•
Each local user belongs to a local user group and bears all attributes of the group, such as the
password control attributes and authorization attributes. For more information about local user
group, see
Password control attributes.
•
Password control attributes help you control the security of local users' passwords. Password
control attributes include password aging time, minimum password length, and password
composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, all local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see
password
Binding attributes.
•
Binding attributes are used to control the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include the ISDN
calling number, IP address, access port, MAC address, and native VLAN. For more information
about binding attributes, see
binding attributes to configure for a local user.
Authorization attributes.
•
"Configuring user group
control."
"Configuring local user
attributes."
attributes." Be cautious when deciding which
17
"Configuring
Advertisement
Table of Contents
Troubleshooting
