local-user service-type(AAA view)

Function

The local-user service-type command sets an access type for a local user.

The undo local-user service-type command restores the default setting.

By default, a local user cannot use any access type.

Format

local-user user-name service-type none

local-user user-name service-type { { terminal | telnet | ftp | ssh | qx | snmp | mml | http } * | ppp }

undo local-user user-name service-type

Parameters

Parameter Description Value
user-name

Specifies the user name.

The value is a string of 1 to 253 case-insensitive characters without spaces. If the value includes @, the characters before @ are the user name and the characters after @ are the domain name. If the value excludes @ or the domain name does not exist, the entire string is the user name and the user belongs to the default domain. A user name cannot contain two or more @s.

When the user security policy is configured, the value is a string of 6 to 253 characters. When the user security policy is not configured, the value is a string of 1 to 253 characters.

The user name cannot contain spaces or the following special characters: /, \, :, *, ?, ", <, >, |, @, ', %.
terminal

Sets the access type of the local user to Terminal.

In VS mode, this parameter is supported only by the admin VS.

-
telnet

Sets the access type of the local user to Telnet. Commonly, the network administrator' s access type is Telnet.

If telnet is configured, please enable the telnet server function.

-
ftp

Sets FTP as an access type for the local user.

-
ppp

Sets the access type of the local user to PPP.

-
ssh

Sets the access type of the local user to SSH.

-
qx

Sets the access type of the local user to QX.

In VS mode, this parameter is supported only by the admin VS.

-
snmp

Sets the access type of the local user to SNMP.

-
mml

Sets the access type of the local user to MML.

In VS mode, this parameter is supported only by the admin VS.

-
none

Sets the access type of the local user to none.

-
http

Sets the access type of the local user to HTTP.

-
all

Sets the access type of the local user to all.

-

Views

AAA view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
aaa write

Usage Guidelines

Usage Scenario

After passing the authentication of a certain mode, a local user may access the device through Telnet and modify the device configuration. To exclude this possibility, you need to run the local-user service-type command to limit the access type of the local user. The system provides management of user access types. After the access type of a local user is set, the user can access the device only when the actual user access type is the same as the preset one.

Precautions

A local user attribute change does not apply to online users. The change takes effect after the online users relog in.

The Terminal, Telnet and FTP access types pose a security risk, and therefore the SSH access type is recommended.

Example

# Set the access type of the local user Hello123@huawei.net to SSH.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] local-user Hello123@huawei.net password irreversible-cipher Hello-13579
[~HUAWEI-aaa] local-user Hello123@huawei.net service-type ssh
Parent Topic: AAA and User Management Configuration Commands (Administrative User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >