Configuring users, Overview, Local user – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 605: User group, Guest, User profile, Configuring, Users
584
Configuring users
Overview
This module allows you to configure local users, user groups, guests, and user profiles.
Local user
A local user represents a set of user attributes configured on a device (such as the user password, user
type, service type, and authorization attribute). It is uniquely identified by the username. For a user
requesting a network service to pass local authentication, you must add an entry as required in the local
user database of the device. For more information about local authentication, see "
."
User group
A user group consists of a group of local users and has a set of local user attributes. You can configure
local user attributes for a user group to implement centralized management of user attributes for the local
users in the group. All local users in a user group inherit the user attributes of the group, but if you
configure user attributes for a local user, the settings of the local user take precedence over the settings
for the user group.
By default, every newly added local user belongs to a user group named system, which is automatically
created by the system.
Guest
A guest is a local user for specific applications. You can create a guest account for portal and LAN users
to temporarily access the network.
User profile
A user profile is a configuration template for saving predefined configurations. You can configure
different items such as Quality of Service (QoS) policy, rate limit, wireless service, and AP group for
different user profiles to accommodate to different application scenarios.
During the authentication process for a user, the authentication server sends the user profile name to the
device, which then enables the configurations in the user profile. After the user passes the authentication
and accesses the device, the device restricts the user's access based on the configurations in the user
profile. When the user logs out, the device automatically disables the configurations in the user profile,
removing the restrictions on the user as a result. As the mechanism indicates, user profiles are for
restricting online users' access. If no user is online (no user is accessing the network, no user has passed
authentication, or all users have logged out), user profiles do not take effect.
With user profiles, you can:
•
Make use of system resources more granularly. For example, you can apply a QoS policy on a
per-user basis.
•
Restrict users' access rate more flexibly. For example, you can deploy traffic policing on a per-user
basis by defining a rate limit in user profiles.
•
Restrict users' access more specifically. For example, you can deploy user access control on a
per-wireless service basis by defining an SSID in user profiles. Or you can deploy user access
control on a per-AP basis by defining APs in the user profiles.