HP FlexNetwork 10500 Series Security Configuration Manual page 34
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
•
When you use the password-control enable command to globally enable the password
control feature, local user passwords are not displayed.
•
You can configure authorization attributes and password control attributes in local user view or
user group view. The setting in local user view takes precedence over the setting in user group
view.
To configure local user attributes:
Step
1.
Enter system view.
2.
Add a local user and
enter local user view.
3.
(Optional.) Configure
a password for the
local user.
4.
Assign services to the
local user.
5.
(Optional.) Place the
local user to the active
or blocked state.
6.
(Optional.) Set the
upper limit of
concurrent logins
using the local user
name.
7.
(Optional.) Configure
binding attributes for
the local user.
Command
system-view
local-user user-name [ class
{ manage | network } ]
•
For a network access user:
password { cipher | simple }
password
•
For a device management
user:
In non-FIPS mode:
password [ { hash |
simple } password ]
In FIPS mode:
password
•
For a network access user:
service-type { advpn | ike |
lan-access | portal | ppp }
•
For a device management
user:
In non-FIPS mode:
service-type { ftp | { http |
https | pad | ssh | telnet |
terminal } * }
In FIPS mode:
service-type { https | pad
| ssh | terminal } *
state { active | block }
access-limit max-user-number
bind-attribute { call-number
call-number [ : subcall-number ] |
ip ip-address | location interface
interface-type interface-number |
mac mac-address | vlan vlan-id } *
20
Remarks
N/A
By default, no local user exists.
Network access user passwords are
encrypted with the encryption algorithm
and saved in ciphertext. Device
management user passwords are
encrypted with the hash algorithm and
saved in ciphertext.
In non-FIPS mode, a
non-password-protected user passes
authentication if the user provides the
correct username and passes attribute
checks. To enhance security, configure
a password for each local user.
In FIPS mode, only password-protected
users can pass authentication.
By default, no service is authorized to a
local user.
The advpn, ike, pad, and ppp services
are not supported in the current
software version.
By default, a created local user is in
active state and can request network
services.
By default, the number of concurrent
logins is not limited for the local user.
This command takes effect only when
local accounting is configured for the
local user. It does not apply to FTP,
SFTP, or SCP users, who do not
support accounting.
By default, no binding attribute is
configured for a local user.
The call-number binding attribute is not
supported in the current software
version.
Advertisement
Table of Contents
Troubleshooting
