17
create a guest account and specify a validity time and an expiration time for the account to control the
validity of the account.
• User group
Each local user belongs to a local user group and bears all attributes of the group, such as the
authorization attributes. For more information about local user group, see “Configuring user group
at
tr
ibutes.“
• Binding attributes
Binding attributes are used to control the scope of users. They are checked during local authentication of
a user. If the attributes of a user do not match the binding attributes configured for the local user account,
the user cannot pass authentication. Binding attributes include the ISDN calling number, IP address,
access port, MAC address, and native VLAN. For more information about binding attributes, see
“Configuring local user attributes.
“
Be cautious when deciding which binding attributes to configure for
a local user.
• Authorization attributes
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user role, user
profile, VLAN, and FTP/SFTP work directory. For more information about authorization attributes, see
“Configuring local user attributes.“
E
very configurable authorization attribute has its definite application environments and purposes. When
you configure authorization attributes for a local user, consider which attributes are needed and which
are not.
You can configure an authorization attribute in user group view or local user view to make the attribute
effective for all local users in the group or only for the local user. The setting of an authorization attribute
in local user view takes precedence over that in user group view.
Local user configuration task list
Task Remarks
Configuring local user attributes Required
Configuring user group attributes Optional
Displaying and maintaining local users and local user groups Optional
Configuring local user attributes
Follow these steps to configure attributes for a local user:
To do… Use the command… Remarks
Enter system view system-view —
Set the password display mode for
all local users
local-user
password-display-mode { auto
| cipher-force }
Optional
auto by default, indicating to display
the password of a local user in the way
defined by the password command.
Add a local user and enter local
user view
local-user user-name
Required
No local user exists by default.