local-user (branch AP group view)
Function
The local-user command creates a local user and configures parameters of the local user.
The undo local-user command deletes a local user.
By default, no local user is created.
Format
local-user user-name password cipher password [ state { block | active } [ service-type 8021x ] ]
local-user user-name state { block | active } [ password cipher password ]
local-user user-name service-type 8021x
undo local-user user-name [ service-type ]
Parameters
Parameter |
Description |
Value |
|---|---|---|
user-name |
Specifies the user name of a local user. If the user name contains a delimiter "@", the character before "@" is the user name and the character after "@" is the domain name. If the value does not contain "@", the entire character string represents the user name and the domain name is the default one. |
The value is a string of 1 to 64 characters. It cannot contain spaces, asterisk,
double quotation mark and question mark.
NOTE:
During local authentication or authorization, run the authentication-mode { local | local-case } or authorization-mode { local | local-case } command to configure case sensitivity for user names. If the parameter is set to local, user names are case-insensitive. If the parameter is set to local-case, user names are case-sensitive. Note the following when configuring case sensitivity for user names:
|
password cipher password |
Specifies the password of a local user. |
The value is a case-sensitive string without question marks (?) or spaces. The value can be a string of 8 to 128 characters in plain text or a string of 48, 68, 88, 108, 128, 148, 168, or 188 characters in ciphertext. A simple local user password may bring security risks. The user password must consist of two types of characters, including uppercase letters, lowercase letters, numerals, and special characters. In addition, the password cannot be the same as the user name or user name in an inverse order. |
state { active | block } |
Specifies the state of a local user. The state of a local user can be:
If a user has established a connection with the device, when the user is set in blocking state, the connection still takes effect but the device rejects subsequent authentication requests from the user. If this parameter is not specified, the status of a local user is active. |
- |
| service-type 8021x | Specifies the access type of local user as 802.1X. |
- |
Usage Guidelines
Usage Scenario
To enable STAs on the branch AP to be authenticated when the branch AP is disconnected from the AC, enable local authentication on the branch AP.You can run the local-user command to create a local user and configure the password, state, and user type of the local user.
Precautions
After the local account's rights, password, or state are changed, online users' rights remain unchanged, and new users obtain new rights when they go online.
- When local authentication is performed for 802.1X authentication users, the access type must be set to 802.1X. When local authentication is performed for MAC address authentication users, the access type of the local user is not matched or checked. However, the access type must be configured; otherwise, local authentication for MAC address authentication users fails. The access type can only be set to 802.1X in the branch AP group view, so you must set the access type of the MAC address authentication users to 802.1X.
Example
# Create a local user in the branch AP group view and set the user name, password, state, and access type to user1, Huawei@123, active, and 802.1X, respectively.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] branch-group name g1 [AC6605-wlan-branch-group-g1] local-user user1 password cipher Huawei@123 state active service-type 8021x
