- H3C S6116 Ultra-Low Latency Switch Series Command References-Release 671x-6W101
AAA commands
Only the management Ethernet port supports this feature.
Local user commands
display local-user
Use display local-user to display the local user configuration and online user statistics.
Syntax
display local-user [ class manage | idle-cut { disable | enable } | service-type { ftp | http | https | ssh | telnet | terminal } | state { active | block } | user-name user-name class manage ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
class: Specifies the local user type.
manage: Device management user.
idle-cut { disable | enable }: Specifies local users by the status of the idle cut feature.
service-type: Specifies the local users that use a specific type of service.
ftp: FTP users.
http: HTTP users.
https: HTTPS users.
ssh: SSH users.
telnet: Telnet users.
terminal: Terminal users that log in through console ports.
state { active | block }: Specifies local users in active or blocked state. A local user in active state can access network services, but a local user in blocked state cannot.
user-name user-name: Specifies all local users using the specified username. The username must be a case-sensitive string of 1 to 55 characters. The name must meet the following requirements:
· Cannot contain the domain name.
· Cannot contain any of the following characters: forward slash (/), backslash (\), vertical bar (|), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@).
· Cannot be a, al, or all.
Usage guidelines
If you do not specify any parameters, this command displays information about all local users.
Examples
# Display information about all local users.
<Sysname> display local-user
Total 1 local users matched.
Device management user root:
State: Active
Service type: SSH/Telnet/Terminal
Access limit: Enabled Max access number: 3
Current access number: 1
User group: system
Bind attributes:
Authorization attributes:
Work directory: flash:
User role list: network-admin
Password control configurations:
Password aging: 3 days
Password history was last reset: 0 days ago
Table 1 Command output
Field | Description |
---|---|
State | Status of the local user: active or blocked. |
Service type | Service types that the local user can use. |
Access limit | Whether the concurrent login limit is enabled. |
Max access number | Maximum number of concurrent logins using the local user name. |
Current access number | Current number of concurrent logins using the local user name. |
User group | Group to which the local user belongs. |
Bind attributes | Binding attributes of the local user. |
Location bound | Binding port of the local user. |
Authorization attributes | Authorization attributes of the local user. |
Idle timeout | Idle timeout period of the user, in minutes. |
Work directory | Directory that the FTP, SFTP, or SCP user can access. |
User role list | Authorized roles of the local user. |
Password control configurations | This field is not supported in the current software version. Password control attributes that are configured for the local user. |
Password aging | Password expiration time. |
Password length | Minimum number of characters that a password must contain. |
Password composition | Password composition policy: · Minimum number of character types that a password must contain. · Minimum number of characters from each type in a password. |
Password complexity | Password complexity checking policy: · Reject a password that contains the username or the reverse of the username. · Reject a password that contains any character repeated consecutively three or more times. |
Maximum login attempts | Maximum number of consecutive failed login attempts. |
Action for exceeding login attempts | Action to take on the user that failed to log in after using up all login attempts. |
Password history was last reset | The most recent time that the history password records were cleared. |
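The following Python sketch is an added example, not part of the H3C documentation. It parses captured display local-user output into per-user fields and lists active accounts that allow a cleartext service type or have no concurrent login limit. The second user (ops1), the "Block" and "Disabled" spellings, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the example above. User "ops1" and the
# "Block" / "Disabled" spellings are assumptions made for illustration.
SAMPLE = """\
Total 2 local users matched.
Device management user root:
 State: Active
 Service type: SSH/Telnet/Terminal
 Access limit: Enabled Max access number: 3
 Current access number: 1
 User group: system
 Work directory: flash:
 User role list: network-admin
Device management user ops1:
 State: Block
 Service type: FTP
 Access limit: Disabled
 User role list: network-operator
"""

CLEARTEXT = {"telnet", "ftp", "http"}  # protocols that send credentials unencrypted

def parse_local_users(text):
    """Return {username: {field: value}} parsed from display local-user output."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Device management user (\S+):$", line)
        if header:
            current = users.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only, so "Work directory: flash:" survives.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return users

def audit(users):
    """Return sorted (user, finding) pairs for accounts in active state."""
    findings = []
    for name, fields in users.items():
        if fields.get("State", "").lower() != "active":
            continue  # blocked users cannot access network services
        services = {s.lower() for s in fields.get("Service type", "").split("/")}
        for svc in services & CLEARTEXT:
            findings.append((name, "cleartext service: " + svc))
        if not fields.get("Access limit", "").startswith("Enabled"):
            findings.append((name, "no concurrent login limit"))
    return sorted(findings)
```

Because "Access limit" and "Max access number" share one output line, the parser keeps the whole remainder as the value of "Access limit" and the audit only checks its leading word.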
local-user
Use local-user to add a local user and enter its view, or enter the view of an existing local user.
Use undo local-user to delete local users.
Syntax
local-user user-name [ class manage ]
undo local-user { user-name class manage | all [ service-type { ftp | http | https | ssh | telnet | terminal } | class manage ] }
Default
No local users exist.
Views
System view
Predefined user roles
network-admin
Parameters
user-name: Specifies the local user name, a case-sensitive string of 1 to 55 characters. The name must meet the following requirements:
· Cannot contain a domain name.
· Cannot contain any of the following characters: forward slash (/), backslash (\), vertical bar (|), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@).
· Cannot be a, al, all, au, aut, auto, auto-, auto-d, auto-de, auto-del, auto-dele, auto-delet, or auto-delete.
class: Specifies the local user type. If you do not specify this keyword, the command adds a device management user.
manage: Device management user that can configure and monitor the device after login. Device management users can use FTP, HTTP, HTTPS, Telnet, SSH, and terminal services.
all: Specifies all users.
service-type: Specifies the local users that use a specific type of service.
ftp: FTP users.
http: HTTP users.
https: HTTPS users.
ssh: SSH users.
telnet: Telnet users.
terminal: Terminal users that log in through console ports.
Usage guidelines
The device supports multiple local users. You can create a maximum of 1024 device management users.
If the local username contains Chinese characters, make sure the endpoint software used at device login uses the same character set encoding format as the encoding format (GB18030) used by the device to save local user configuration. If they use different encoding formats, the username cannot be correctly decoded on the device, which might cause local authentication failure.
Examples
# Add a device management user named user1 and enter local user view.
<Sysname> system-view
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1]
Related commands
display local-user
service-type
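The following Python sketch is an added example, not part of the H3C documentation. It pre-checks a candidate username against the local-user naming rules above and models the GB18030 note from the usage guidelines. The function names are hypothetical, and counting length in characters, matching reserved names exactly, and the decode model are assumptions.

```python
FORBIDDEN = set('/\\|:*?<>@')

# Every non-empty prefix of the keywords "all" and "auto-delete", which gives
# the same 13 strings that the user-name parameter description lists.
RESERVED = {kw[:i] for kw in ("all", "auto-delete") for i in range(1, len(kw) + 1)}

DEVICE_ENCODING = "gb18030"  # encoding the device uses to save local user configuration

def check_username(name):
    """Return a list of rule violations; an empty list means the name passes."""
    problems = []
    # Assumption: the 1 to 55 limit is counted in characters, not bytes.
    if not 1 <= len(name) <= 55:
        problems.append("length must be 1 to 55 characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # Assumption: reserved names are compared exactly (names are case sensitive).
    if name in RESERVED:
        problems.append("reserved name (keyword prefix)")
    return problems

def decoded_on_device(name, client_encoding):
    """Assumed model: the login client sends the name in client_encoding and
    the device decodes the bytes as GB18030."""
    data = name.encode(client_encoding)
    return data.decode(DEVICE_ENCODING, errors="replace")

def login_name_matches(name, client_encoding):
    """True if the name the device decodes equals the configured name."""
    return decoded_on_device(name, client_encoding) == name
```

ASCII-only names decode identically under UTF-8 and GB18030, so the encoding check only matters for names with non-ASCII characters such as Chinese.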
password
Use password to configure a password for a device management user.
Use undo password to restore the default.
Syntax
password [ { hash | simple } string ]
undo password
Default
A device management user does not have a password and can pass authentication after entering the correct username and passing attribute checks.
Views
Device management user view
Predefined user roles
network-admin
Parameters
hash: Specifies a password encrypted by the hash algorithm.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in hashed form.
string: Specifies the password string. This argument is case sensitive. The hashed form of the password is a string of 1 to 110 characters. The plaintext form of the password is a string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, you enter the interactive mode to set a plaintext password.
A device management user for which no password is specified can pass authentication after entering the correct username and passing attribute checks. To enhance security, configure a password for each device management user.
Examples
# Set the password to 123456TESTplat&! in plaintext form for device management user user1.
<Sysname> system-view
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] password simple 123456TESTplat&!
# Configure the password in interactive mode for device management user test.
<Sysname> system-view
[Sysname] local-user test class manage
[Sysname-luser-manage-test] password
Password:
confirm :
Related commands
display local-user
service-type
Use service-type to specify the service types that a local user can use.
Use undo service-type to remove service types configured for a local user.
Syntax
service-type { ftp | { http | https | ssh | telnet | terminal } * }
undo service-type { ftp | { http | https | ssh | telnet | terminal } * }
Default
A local user is not authorized to use any service.
Views
Local user view
Predefined user roles
network-admin
Parameters
ftp: Authorizes the user to use the FTP service. The authorized directory can be modified by using the authorization-attribute work-directory command.
http: Authorizes the user to use the HTTP service.
https: Authorizes the user to use the HTTPS service.
ssh: Authorizes the user to use the SSH service.
telnet: Authorizes the user to use the Telnet service.
terminal: Authorizes the user to use the terminal service and log in from a console port.
Usage guidelines
You can assign multiple service types to a user.
Examples
# Authorize device management user user1 to use the Telnet and FTP services.
<Sysname> system-view
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] service-type telnet
[Sysname-luser-manage-user1] service-type ftp
Related commands