Configuring users, Overview, Local user – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

584

Configuring users

Overview

This module allows you to configure local users, user groups, guests, and user profiles.

Local user

A local user represents a set of user attributes configured on a device (such as the user password, user
type, service type, and authorization attribute). It is uniquely identified by the username. For a user

requesting a network service to pass local authentication, you must add an entry as required in the local

user database of the device. For more information about local authentication, see "

Configuring AAA

."

User group

A user group consists of a group of local users and has a set of local user attributes. You can configure
local user attributes for a user group to implement centralized management of user attributes for the local

users in the group. All local users in a user group inherit the user attributes of the group, but if you

configure user attributes for a local user, the settings of the local user take precedence over the settings

for the user group.
By default, every newly added local user belongs to a user group named system, which is automatically

created by the system.

Guest

A guest is a local user for specific applications. You can create a guest account for portal and LAN users

to temporarily access the network.

User profile

A user profile is a configuration template for saving predefined configurations. You can configure

different items such as Quality of Service (QoS) policy, rate limit, wireless service, and AP group for

different user profiles to accommodate to different application scenarios.
During the authentication process for a user, the authentication server sends the user profile name to the
device, which then enables the configurations in the user profile. After the user passes the authentication

and accesses the device, the device restricts the user's access based on the configurations in the user

profile. When the user logs out, the device automatically disables the configurations in the user profile,

removing the restrictions on the user as a result. As the mechanism indicates, user profiles are for
restricting online users' access. If no user is online (no user is accessing the network, no user has passed

authentication, or all users have logged out), user profiles do not take effect.
With user profiles, you can:

•

Make use of system resources more granularly. For example, you can apply a QoS policy on a
per-user basis.

•

Restrict users' access rate more flexibly. For example, you can deploy traffic policing on a per-user

basis by defining a rate limit in user profiles.

•

Restrict users' access more specifically. For example, you can deploy user access control on a
per-wireless service basis by defining an SSID in user profiles. Or you can deploy user access

control on a per-AP basis by defining APs in the user profiles.