Fat AP and Cloud AP V200R010C00 Command Reference

local-user service-type

Function

The local-user service-type command sets the access type for a local user.

The undo local-user service-type command restores the default access type for a local user.

By default, a local user cannot use any access type.

Format

local-user user-name service-type { 8021x | ftp | http [ role guest-admin ] | ssh | telnet | terminal | web } *

undo local-user user-name service-type [ http role ]

Parameters

user-name

Specifies a user name.

If the user name contains a domain name delimiter such as @, the characters before @ are the user name and the characters after @ are the domain name. If the value does not contain @, the entire character string is the user name and the domain name is the default one.

The value is a string of 1 to 64 characters. It cannot contain spaces, asterisks, double quotation marks, or question marks.

During local authentication or authorization, run the authentication-mode { local | local-case } or authorization-mode { local | local-case } command to configure case sensitivity for user names. If the parameter is set to local, user names are case-insensitive. If the parameter is set to local-case, user names are case-sensitive.

Note the following when configuring case sensitivity for user names:

  • Only the user name is case-sensitive and the domain name is case-insensitive.
  • For user security purposes, you cannot configure multiple local users whose user names differ only in uppercase or lowercase. For example, after configuring ABC, you cannot configure Abc or abc as the user name.
  • When a device is upgraded from V200R008C10 or an earlier version to a version later than V200R008C10, all local user names in the original configuration file are saved in lowercase. When a configuration file that is manually configured or generated using a third-party tool is used for configuration restoration, local user names that differ only in uppercase or lowercase are considered one user name, and the first of these local user names is used.


8021x

Indicates an 802.1X user.

ftp

Indicates an FTP user.

http

Indicates an HTTP user, which is usually used for web system login.

http role guest-admin

Indicates that the user is a foreground administrator.

ssh

Indicates an SSH user.

telnet

Indicates a Telnet user, which is usually a network administrator.

terminal

Indicates a terminal user, which is usually a user connected using a console port.

web

Indicates a Portal authentication user.

Views

AAA view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The device can manage access types of local users. After you specify the access type of a user, the user can successfully log in only when the configured access type is the same as the actual access type of the user.

Local users have the following access types:
  • Administrative: FTP, HTTP, SSH, Telnet, and Terminal
  • Common: 802.1X and web


  • When MAC authentication users use AAA local authentication, the device does not match or check the access type of local users. However, the access type must be configured; otherwise, local authentication for MAC address authentication users fails.

  • Security risks exist if the user login mode is set to Telnet or FTP. You are advised to set the user login mode to STelnet or SFTP and set the user access type to SSH.

    When a device starts without any configuration, HTTP uses a randomly generated self-signed certificate to support HTTPS. The self-signed certificate may bring risks. Therefore, you are advised to replace it with an officially authorized digital certificate.

  • Common access types cannot be configured together with administrative access types.

    If a user has been created and the password uses an irreversible encryption algorithm, the access type can only be set to an administrative one.

    If a user has been created and the password uses a reversible encryption algorithm, the access type can be set to an administrative or common one. When the access type is set to an administrative one, the encryption algorithm of the password is automatically converted into an irreversible encryption algorithm.

  • When configuring the local user as a foreground administrator, pay attention to the following points:
    • A foreground administrator manages only accounts of Portal authentication users, and cannot manage and query accounts of other administrators (including the foreground administrator) and accounts of non-Portal authentication users. A foreground administrator can modify its own password.
    • A foreground administrator supports only commands defined in the whitelist.


Example

# Set the access type of the local user user1@vipdomain to SSH.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] local-user user1@vipdomain service-type ssh
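
An added example, not part of the Huawei documentation: a Python audit that reads local-user ... service-type lines, in the syntax shown above, from an offline configuration file and flags the conditions this page warns about (Telnet or FTP access types, administrative and common types mixed on one user, user names that differ only in case). The sample configuration is constructed, the function names are hypothetical, and splitting at the first @ is an assumption.

```python
import re

ADMIN = {"ftp", "http", "ssh", "telnet", "terminal"}   # administrative access types
COMMON = {"8021x", "web"}                              # common access types
CLEARTEXT = {"telnet", "ftp"}                          # access types the page calls risky

LINE = re.compile(r"^\s*local-user\s+(\S+)\s+service-type\s+(.+?)\s*$")

def split_user(name):
    """Split user@domain at the first @ (assumption); the domain is case-insensitive."""
    user, sep, domain = name.partition("@")
    return user, (domain.lower() if sep else "<default>")

def audit(config_text):
    """Return sorted (user-name, finding) pairs for local-user service-type lines."""
    findings, seen = [], {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name, tokens = m.group(1), m.group(2).split()
        # "role" and "guest-admin" are not access types and are skipped here.
        types = {t for t in tokens if t in ADMIN | COMMON}
        user, domain = split_user(name)
        key = (user.lower(), domain)
        if key in seen and seen[key] != user:
            findings.append((name, "differs only in case from " + seen[key]
                             + "; the first entry is used"))
        seen.setdefault(key, user)
        if types & ADMIN and types & COMMON:
            findings.append((name, "mixes administrative and common access types"))
        for t in sorted(types & CLEARTEXT):
            findings.append((name, t + " access type; use ssh with STelnet/SFTP"))
    return sorted(findings)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
aaa
 local-user user1@vipdomain service-type ssh
 local-user ops service-type telnet ftp
 local-user guest1 service-type web ssh
 local-user ABC service-type 8021x
 local-user abc service-type 8021x
 local-user front service-type http role guest-admin
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name + ": " + finding)
```
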
Updated: 2019-11-21

Document ID: EDOC1100064352
