3Com MSR 50 Series Configuration Manual page 1768

1768 C 93: AAA/RADIUS/HWTACACS C
HAPTER
n
ONFIGURATION
To do...
Place the local user to the
state of active or blocked
Specify Specify the
the service service types
types for for the user
the user
Authorize the
user to use the
FTP service
Authorize the
user to use the
PPP service
and configure
the callback
attribute and
caller number
Set the directory accessible
to FTP/SFTP users
Set the priority level of the
user
Set attributes for a LAN
access user
With the local-user password-display-mode cipher-force command
■
configured, the password is always displayed in cipher text, regardless of the
configuration of the password command. In this case, if you use the save
command to save the configuration, all existing local user passwords will still
be displayed in cipher text after the device restarts, even if you restore the
display mode to auto.
Local authentication checks the service types of a local user. If the service types
■
are not available, the user cannot pass authentication. During authorization, a
user with no service type configured is authorized with no service by default.
If you specify an authentication method that requires the username and
■
password, including local authentication, RADIUS authentication and
Use the command...
state { active | block }
service-type { lan-access |
{ pad | ssh | telnet | terminal
| dvpn } * [ level level ] }
service-type ftp
service-type ppp
[ call-number call-number [ :
subcall-number ] |
callback-nocheck |
callback-number
callback-number ]
work-directory
directory-name
level level
attribute { access-limit
max-user-number | idle-cut
minute | ip ip-address |
location { nas-ip ip-address
port slot-number
subslot-number port-number |
port slot-number
subslot-number port-number }
| mac mac-address | vlan
vlan-id } *
Remarks
Optional
When created, a local user is in
the state of active by default,
and the user can request
network services.
Required
No service is authorized to a user
by default
Optional
By default, no service is
authorized to a user and
anonymous access to FTP service
is not allowed. If you authorize a
user to use the FTP service, the
user can access the root
directory of the device by
default.
Optional
By default, no service is
authorized to a user and, if the
PPP service is authorized,
callback without authentication
is enabled, no callback number is
specified, and the system does
not authenticate the caller
number of ISDN users.
Optional
By default, FTP/SFTP users can
access the root directory.
Optional
0 by default
Optional
If the user is bound to a remote
port, s/he must specify the
nas-ip parameter. If the user is
bound to a local port, s/he need
not specify the nas-ip
parameter. The default value of
nas-ip is 127.0.0.1, meaning
the current host.