HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 27

Command, Remarks, composition policy

Page 27 highlights

Step Command Remarks 3. Configure a password for the password [ { cipher | simple } local user. password ] Optional. A local user with no password configured directly passes authentication after providing the valid local username and attributes. To enhance security, configure a password for each local user. If none of the parameters is specified, you enter the interactive mode to set a plaintext password. This interactive mode is supported only on switches that support the password control feature. 4. Specify the service types for the local user. service-type { ftp | lan-access | By default, no service is authorized { ssh | telnet | terminal } * | web } to a local user. 5. Place the local user to the state of active or blocked. state { active | block } Optional. When created, a local user is in active state by default, and the user can request network services. 6. Set the maximum number of concurrent users of the local user account. access-limit max-user-number Optional. By default, there is no limit to the maximum number of concurrent users of a local user account. The limit is effective only for local accounting, and is not effective for FTP users. Optional. • Set the password aging time: By default, the password control password-control aging attributes of the user group to aging-time which the local user belongs • Set the minimum password apply, and any password control 7. Configure the password length: attribute that is not configured in control attributes for the local password-control length length the user group uses the global user. • Configure the password setting. The global settings include a 90-day password aging time, a composition policy: minimum password length of 10 password-control composition characters, and at least one type-number type-number password composition type and at [ type-length type-length ] least one character required for each password composition type. 8. Configure the binding attributes for the local user. bind-attribute { ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Optional. By default, no binding attribute is configured for a local user. 17

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285

17
Step
Command
Remarks
3.
Configure a password for the
local user.
password
[ {
cipher
|
simple
}
password
]
Optional.
A local user with no password
configured directly passes
authentication after providing the
valid local username and
attributes. To enhance security,
configure a password for each
local user.
If none of the parameters is
specified, you enter the interactive
mode to set a plaintext password.
This interactive mode is supported
only on switches that support the
password control feature.
4.
Specify the service types for
the local user.
service-type
{
ftp
|
lan-access
|
{
ssh
|
telnet
|
terminal
} * |
web
}
By default, no service is authorized
to a local user.
5.
Place the local user to the
state of active or blocked.
state
{
active
|
block
}
Optional.
When created, a local user is in
active state by default, and the user
can request network services.
6.
Set the maximum number of
concurrent users of the local
user account.
access-limit
max-user-number
Optional.
By default, there is no limit to the
maximum number of concurrent
users of a local user account.
The limit is effective only for local
accounting, and is not effective for
FTP users.
7.
Configure the password
control attributes for the local
user.
Set the password aging time:
password-control aging
aging-time
Set the minimum password
length:
password-control length
length
Configure the password
composition policy:
password-control composition
type-number
type-number
[
type-length
type-length
]
Optional.
By default, the password control
attributes of the user group to
which the local user belongs
apply, and any password control
attribute that is not configured in
the user group uses the global
setting. The global settings include
a 90-day password aging time, a
minimum password length of 10
characters, and at least one
password composition type and at
least one character required for
each password composition type.
8.
Configure the binding
attributes for the local user.
bind-attribute
{
ip
ip-address
|
location
port
slot-number
subslot-number
port-number
|
mac
mac-address
|
vlan
vlan-id
} *
Optional.
By default, no binding attribute is
configured for a local user.