By default, every new local user belongs to the default user group system and has all attributes of
the group. To assign a local user to a different user group, use the group command in local user
view.
To configure user group attributes:
Step
1.
Enter system view.
2.
Create a user group and
enter user group view.
3.
Configure authorization
attributes for the user
group.
4.
(Optional.) Configure
password control attributes
for the user group.
Command
system-view
user-group group-name
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut minutes |
ip-pool ipv4-pool-name | ipv6-pool
ipv6-pool-name | ipv6-prefix
ipv6-prefix prefix-length |
{ primary-dns | secondary-dns }
{ ip ipv4-address | ipv6
ipv6-address } |
session-group-profile
session-group-profile-name |
session-timeout minutes |
subscriber-id subscriber-id | url
url-string | user-profile
user-profile-name | vlan vlan-id |
vpn-instance vpn-instance-name |
work-directory directory-name } *
•
Set the password aging time:
password-control aging
aging-time
•
Set the minimum password
length:
password-control length
length
•
Configure the password
composition policy:
password-control
composition type-number
type-number [ type-length
type-length ]
•
Configure the password
complexity checking policy:
password-control complexity
{ same-character |
user-name } check
•
Configure the maximum login
attempts and the action to take
for login failures:
password-control
login-attempt login-times
[ exceed { lock | lock-time time
| unlock } ]
20
Remarks
N/A
By default, a system-defined
user group exists. The group
name is system.
By default, no authorization
attributes are configured for a
user group.
The user-profile
user-profile-name option takes
effect only on CSPEX cards.
By default, the user group uses
the global password control
settings. For more information,
see Security Configuration
Guide.