Step
1.
Enter system view.
2.
Add a local user and enter
local user view.
3.
(Optional.) Configure a
password for the local
user.
4.
Assign services for the
local user.
5.
(Optional.) Place the local
user to the active or
blocked state.
6.
(Optional.) Set the upper
limit of concurrent logins
using the local user name.
7.
(Optional.) Configure
binding attributes for the
local user.
Command
system-view
local-user user-name [ class
{ manage | network } ]
•
For a network access user:
password { cipher | simple }
password
•
For a device management user:
In non-FIPS mode:
password [ { hash | simple }
password ]
In FIPS mode:
password
•
For a network access user:
service-type { lan-access | ppp
| portal }
•
For a device management user:
In non-FIPS mode:
service-type { ftp | { ssh |
telnet | terminal } * }
In FIPS mode:
service-type { ssh | terminal }
*
state { active | block }
access-limit max-user-number
bind-attribute { call-number
call-number [ : subcall-number ] | ip
ip-address | location port
slot-number subslot-number
port-number | mac mac-address |
vlan vlan-id } *
18
Remarks
N/A
By default, no local user exists.
Network access user passwords are
encrypted with the encryption
algorithm and saved in ciphertext.
Device management user passwords
are encrypted with the hash
algorithm and saved in ciphertext.
A local user with no password
configured directly passes
authentication after providing the
valid local username and attributes.
To enhance security, configure a
password for each local user.
By default, no service is authorized to
a local user.
By default, a created local user is in
active state and can request network
services.
By default, the number of concurrent
logins is not limited for the local user.
This command takes effect only when
local accounting is configured for the
local user. It does not apply to FTP
users, who do not support
accounting.
By default, no binding attribute is
configured for a local user.
Binding attribute call-number applies
only to PPP users.
Binding attribute ip applies only to
LAN users using 802.1X.
Binding attributes location, mac, and
vlan apply only to LAN users.