HP FlexNetwork MSR Series Command Reference Manual page 68
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Parameters
acl acl-number: Specifies an authorization ACL. The value range for the acl-number argument is
2000 to 5999. After passing authentication, a local user can access the network resources specified
by this ACL.
callback-number callback-number: Specifies an authorized PPP callback number. The
callback-number argument is a case-sensitive string of 1 to 64 characters. After a local user passes
authentication, the device uses this number to call the user.
idle-cut minute: Sets an idle timeout period in minutes. The value range for the minute argument is 1
to 120. When the idle cut feature is enabled, an online user whose idle period exceeds the specified
idle timeout period is logged out.
ip ipv4-address: Assigns a static IPv4 address to a user after it passes authentication. This option is
available only in local user view.
ip-pool ipv4-pool-name: Specifies an IPv4 address pool. The ipv4-pool-name argument is a
case-insensitive string of 1 to 63 characters.
ipv6 ipv6-address: Assigns a static IPv6 address to a user after it passes authentication. This option
is available only in local user view.
ipv6-pool ipv6-pool-name: Specifies an IPv6 address pool. The ipv6-pool-name argument is a
case-insensitive string of 1 to 63 characters.
ipv6-prefix ipv6-prefix prefix-length: Specifies an IPv6 address prefix. The value range for the
prefix-length argument is 1 to 128.
primary-dns ip ipv4-address: Specifies the IPv4 address of the primary DNS server.
primary-dns ipv6 ipv6-address: Specifies the IPv6 address of the primary DNS server.
secondary-dns ip ipv4-address: Specifies the IPv4 address of the secondary DNS server.
secondary-dns ipv6 ipv6-address: Specifies the IPv6 address of the secondary DNS server.
session-timeout minutes: Sets the session timeout timer, in minutes. The value range for the
minutes argument is 1 to 1440. The device logs off a user after the timer expires for the user.
url url-string: Specifies the URL to which a user is redirected after it passes authentication. The
url-string argument is a case-sensitive string of 1 to 255 characters.
user-profile profile-name: Specifies an authorization user profile by its name. The profile-name
argument is a case-sensitive string of 1 to 31 characters. The name can contain only letters, digits,
and underscores (_). The user profile restricts the behavior of an authenticated user. For more
information, see Security Configuration Guide.
user-role role-name: Specifies an authorized user role. The role-name argument is a case-sensitive
string of 1 to 63 characters. Up to 64 user roles can be specified for a user. For user role-related
commands, see Fundamentals Command Reference for RBAC commands. This option is available
only in local user view, and is not available in user group view.
vlan vlan-id: Specifies an authorized VLAN. The value range for the vlan-id argument is 1 to 4094.
After passing authentication and being authorized a VLAN, a local user can access only the
resources in this VLAN.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance. The vpn-instance-name
argument is a case-sensitive string of 1 to 31 characters. After passing authentication, a user has
permission to access the network resources in the specified VPN.
work-directory directory-name: Specifies an FTP, SFTP, or SCP working directory. The
directory-name argument is a case-insensitive string of 1 to 255 characters. The directory must
already exist.
Usage guidelines
Configure authorization attributes according to the application environments and purposes. Support
for authorization attributes depends on the service types of users.
50
Advertisement
