Step
2.
Create a user group and
enter user group view.
3.
Configure authorization
attributes for the user group.
4.
(Optional.) Configure
password control attributes
for the user group.
Displaying and maintaining local users and local user groups
Execute display commands in any view.
Task
Display the local user
configuration and online user
statistics.
Display the user group
configuration.
Configuring RADIUS schemes
A RADIUS scheme specifies the RADIUS servers that the device can work with and defines a set of
parameters. The device uses the parameters to exchange information with the RADIUS servers, including
the server IP addresses, UDP port numbers, shared keys, and server types.
Command
user-group group-name
authorization-attribute { acl
acl-number | idle-cut minute |
user-profile profile-name | vlan
vlan-id | work-directory
directory-name } *
•
Set the password aging time:
password-control aging
aging-time
•
Set the minimum password length:
password-control length length
•
Configure the password
composition policy:
password-control composition
type-number type-number
[ type-length type-length ]
•
Configure the password
complexity checking policy:
password-control complexity
{ same-character | user-name }
check
•
Configure the maximum login
attempts and the action to take for
login failures:
password-control login-attempt
login-times [ exceed { lock |
lock-time time | unlock } ]
Command
display local-user [ class { manage | network } | idle-cut { disable | enable }
| service-type { ftp | http | https | lan-access | portal | ssh | telnet |
terminal } | state { active | block } | user-name user-name | vlan vlan-id ]
display user-group [ group-name ]
22
Remarks
By default, there is a
system-defined user group named
system, which is the default user
group.
By default, no authorization
attribute is configured for a user
group.
Optional.
By default, the user group uses
the global password control
settings. For more information,
see
"Configuring password
control."