Bind-Attribute - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
# Assign the security-audit user role to device management user xyz as the authorized user role.
<Sysname> system-view
[Sysname] local-user xyz class manage
[Sysname-luser-manage-xyz] authorization-attribute user-role security-audit
This operation will delete all other roles of the user. Are you sure? [Y/N]:y
Related commands
display local-user
display user-group
bind-attribute
Use bind-attribute to configure binding attributes for a local user.
Use undo bind-attribute to remove binding attributes of a local user.
Syntax
bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location interface
interface-type interface-number | mac mac-address | vlan vlan-id } *
undo bind-attribute { call-number | ip | location | mac | vlan } *
Default
No binding attributes are configured for a local user.
Views
Local user view
Predefined user roles
network-admin
Parameters
call-number call-number: Specifies a calling number for PPP user authentication. The call-number
argument is a string of 1 to 64 characters. This option applies only to PPP users.
subcall-number: Specifies the subcalling number. The total length of the calling number and the
subcalling number cannot be more than 62 characters.
ip ip-address: Specifies the IP address to which the user is bound. This option applies only to 802.1X
users.
location interface interface-type interface-number: Specifies the interface to which the user is
bound. The interface-type argument represents the interface type, and the interface-number
argument represents the interface number. To pass authentication, the user must access the
network through the bound interface. This option applies only to IPoE, LAN, portal, and PPP users.
mac mac-address: Specifies the MAC address of the user in the format H-H-H. This option applies
only to IPoE, LAN, portal, and PPP users.
vlan vlan-id: Specifies the VLAN to which the user belongs. The vlan-id argument is in the range of 1
to 4094. This option applies only to IPoE, LAN, portal, and PPP users.
Usage guidelines
To perform local authentication of a user, the device matches the actual user attributes with the
configured binding attributes. If the user has a non-matching attribute or lacks a required attribute,
the user will fail authentication.
Binding attribute check takes effect on all access services. Configure the binding attributes for a user
based on the access services and make sure the device can obtain all attributes to be checked from
the user's packet. For example, you can configure an IP address binding for an 802.1X user,
52
Advertisement
