< Home

local-user time-range

Function

The local-user time-range command sets the access permission time range for a local user.

The undo local-user time-range command deletes the access permission time range for a local user.

By default, a local account can access the network anytime.

Format

local-user user-name time-range time-name

undo local-user user-name time-range

Parameters

Parameter Description Value
user-name

Indicates the local account.
The value is a string of 1 to 64 characters. It cannot contain spaces, asterisk, double quotation mark and question mark.
NOTE:

During local authentication or authorization, run the authentication-mode { local | local-case } or authorization-mode { local | local-case } command to configure case sensitivity for user names. If the parameter is set to local, user names are case-insensitive. If the parameter is set to local-case, user names are case-sensitive.

Note the following when configuring case sensitivity for user names:

  • Only the user name is case-sensitive and the domain name is case-insensitive.
  • For user security purposes, you cannot configure multiple local users with the user names that differ only in uppercase or lowercase. For example, after configuring ABC, you cannot configure Abc or abc as the user name.
  • When a device is upgraded from V200R011C10 or an earlier version to a version later than V200R011C10, all local user names in the original configuration file are saved in lowercase. When a configuration file that is manually configured or generated using the third-party tool is used for configuration restoration, local user names that differ only in uppercase or lowercase are considered as one user name and the first one among these local user names is used.
time-name

Indicates the access permission time range of the local account. time-name specifies the name of the access permission time range.

The value is a string of 1 to 32 case-sensitive characters and must begin with a letter. In addition, the word all cannot be specified as a time range name.

Views

AAA view

Default Level

3: Management level

Usage Guidelines

Use Scenario

After a local account is created, the account has no expiration date by default. To restrict the network access time of a local account, run the local-user time-range command. After the command is executed, the account can access network resources only in the specified time range.

Prerequisite

The time range has been created using the time-range command.

Precautions

If you run the local-user time-range and local-user expire-date commands in the AAA view multiple times, only the latest configuration takes effect.

After the access permission time range of an online local user is changed, the access permission time range of the user will take effect only when the user goes online next time.

Example

# Set the access permission time segment of local account hello@163.net to 9:00-18:00 from Monday to Friday.

<HUAWEI> system-view
[HUAWEI] time-range huawei 9:00 to 18:00 working-day
[HUAWEI] aaa
[HUAWEI-aaa] local-user hello@163.net time-range huawei
Parent Topic: AAA Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >