Table of Contents
Advertisement
The local users created by a network-admin or level-15 user are assigned the network-operator user
role.
Views
Local user view
User group view
Predefined user roles
network-admin
Parameters
acl acl-number
argument is 2000 to 4999. The device processes the traffic that matches the rules in the
authorization ACL based on the permit or deny statement in the rules.
idle-cut minutes
argument is 1 to 120. An online user is logged out if its idle period exceeds the specified
minutes
idle timeout period.
ip-pool
ipv4-pool-name
ipv6-pool ipv6-pool-name
ipv6-pool-name
session-timeout minutes
value range for the
expires.
user-profile profile-name
profile-name
only letters, digits, and underscores (_). The user profile restricts the behavior of authenticated users.
For more information, see Security Configuration Guide.
user-role role-name
case-sensitive string of 1 to 63 characters. A maximum of 64 user roles can be specified for a user.
For user role-related commands, see Fundamentals Command Reference for RBAC commands.
This option is available only in local user view, and is not available in user group view.
vlan vlan-id
4094. After passing authentication and being authorized a VLAN, a local user can access only the
resources in this VLAN.
work-directory directory-name
users. The
directory-name
directory must already exist.
Usage guidelines
Configure authorization attributes according to the application environments and purposes. Support
for authorization attributes depends on the service types of users.
For portal users, only the following authorization attributes take effect: acl, ip-pool, ipv6-pool,
user-profile, and session-timeout.
For LAN users, only the following authorization attributes take effect: acl, session-timeout,
user-profile, and vlan.
For SSH, Telnet, and terminal users, only the authorization attributes idle-cut and user-role take
effect.
For HTTP and HTTPS users, only the authorization attribute user-role takes effect.
For FTP users, only the authorization attributes user-role and work-directory take effect.
: Specifies an authorization ACL. The value range for the
: Specifies an idle timeout period in minutes. The value range for the
:
ipv4-pool-name
argument is a case-insensitive string of 1 to 63 characters.
argument is a case-insensitive string of 1 to 63 characters.
: Specifies the session timeout timer for the user, in minutes. The
argument is 1 to 1440. The device logs off the user after the timer
minutes
argument is a case-sensitive string of 1 to 31 characters. The name can contain
: Specifies an authorized user role. The
: Specifies an authorized VLAN. The value range for the
argument is a case-insensitive string of 1 to 255 characters. The
Specifies
an
IPv4
: Specifies an IPv6 address pool for the user. The
: Specifies an authorization user profile by its name. The
: Specifies the working directory for FTP, SFTP, or SCP
36
address
pool
for
role-name
vlan-id
acl-number
the
user.
The
argument is a
argument is 1 to
Advertisement
Chapters
Table of Contents
