H3C Technologies H3C S5120 Series Switches User Manual

1-16

To do…

Use the command…

Remarks

Place the local user to the state of
active or blocked

state { active | block }

Optional

When created, a local user
is in the state of active by
default, and the user can
request network services.

Set the maximum number of user
connections using the local user
account

access-limit max-user-number

Optional

By default, there is no limit
on the maximum number of
user connections using the
same local user account.

Specify the service types for the
local user

service-type { ftp | lan-access |
{ ssh | telnet | terminal } * }

Optional

By default, no service is
authorized to a local user.

Configure the binding attributes for
the local user

bind-attribute { call-number
call-number [ : subcall-number ] |
ip ip-address | location port
slot-number subslot-number
port-number | mac mac-address
| vlan vlan-id } *

Optional

By default, no binding
attribute is configured for a
local user.

Configure the authorization
attributes for the local user

authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name | vlan
vlan-id | work-directory
directory-name } *

Optional

By default, no authorization
attribute is configured for a
local user.

Set the expiration time of the local
user

expiration-date time

Optional

Not set by default

Specify the user group for the local
user

group group-name

Optional

By default, a local user
belongs to the default user
group system.

Note that:

z

With the local-user password-display-mode cipher-force command configured, a local user

password is always displayed in cipher text, regardless of the configuration of the password

command. In this case, if you use the save command to save the configuration, all existing local

user passwords will still be displayed in cipher text after the device restarts, even if you restore the

display mode to auto.

z

The access-limit command configured for a local user takes effect only when local accounting is

used.

z

Local authentication checks the service types of a local user. If the service types are not available,

the user cannot pass authentication.

z

With an authentication method that requires the username and password, including local

authentication and RADIUS authentication, the commands that a login user can use after logging in

depend on the level of the user. With other authentication methods, which commands are available