beautypg.com

Configuring aaa schemes, Configuring local users – H3C Technologies H3C S12500-X Series Switches User Manual

Page 30

background image

18

Tasks at a glance

(Required.) Perform at least one of the following tasks to configure local users or AAA schemes:

686H

Configuring local users

687H

Configuring RADIUS schemes

688H

Configuring HWTACACS schemes

689H

Configuring LDAP schemes

(Required.) Configure AAA methods for ISP domains:

1.

(Required.)

690H

Creating an ISP domain

2.

(Optional.)

691H

Configuring ISP domain attributes

3.

(Required.) Perform at least one of the following tasks to configure AAA authentication, authorization, and

accounting methods for the ISP domain:

{

692H

Configuring authentication methods for an ISP domain

{

693H

Configuring authorization methods for an ISP domain

{

694H

Configuring accounting methods for an ISP domain

(Optional.)

695H

Enabling the session-control feature

(Optional.)

696H

Setting the maximum number of concurrent login users

18B

Configuring AAA schemes

This section includes information on configuring local users, RADIUS schemes, HWTACACS schemes,

and LDAP schemes.

162B

Configuring local users

To implement local authentication, authorization, and accounting, create local users and configure user
attributes on the device. The local users and attributes are stored in the local user database on the device.

A local user is uniquely identified by the combination of a username and a user type. Local users are

classified into the following types:

Device management user—User who logs in to the device for device management.

Network access user—User who accesses network resources through the device.

Configurable local user attributes are:

Service type—Services that the user can use. Local authentication checks the service types of a local
user. If none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, SSH, Telnet, and terminal.

User state—Whether or not a local user can request network services. There are two user states:
active and blocked. A user in active state can request network services, but a user in blocked state
cannot.

Upper limit of concurrent logins using the same user name—Maximum number of users who can
concurrently access the device by using the same user name. When the number of local users using

the same user name reaches the upper limit, no more local users can access the device by using that

user name.

User group—Each local user belongs to a local user group and has all attributes of the group, such
as the password control attributes and authorization attributes. For more information about local
user group, see "

697H

Configuring user group attributes

."

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: