HP A 5120 Manual

 
161 
User profile configuration 
User profile overview 
A user  profile  provides  a  configuration  template  to  save  predefined  configurations,  such  as  a  Quality  of 
Service (QoS) policy. Different user profiles are applicable to different application scenarios. 
The  user  profile  supports  working  with  802.1X,  MAC and  portal  authentications.  It  is  capable  of 
restricting authenticated users behaviors. After the authentication server verifies a user, it sends the device 
the name...

 
162 
To do… Use the command… Remarks 
Enter system view system-view — 
Create a user profile, and enter its 
view user-profile profile-name 
Required 
You can use the command to 
enter the view of an existing user 
profile. 
 
Configuring a user profile 
After a user profile is created, apply a QoS policy in user profile view to implement restrictions on online 
users. The QoS policy takes effect when the user profile is enabled and a user using the user profile goes 
online.  
Follow these steps to...

 
163 
 NOTE: 
 You can only edit or remove the configurations in a disabled user profile. 
 Disabling a user profile logs out the users that are using the user profile.  
Displaying and maintaining user profile
To do… Use the command… Remarks 
Display information about all the 
created user profiles 
display user-profile [ | { begin | 
exclude | include } regular-
expression ] 
Available in any view 
  

 
164 
Password control configuration 
Password control overview 
Password  control  refers  to a  set  of functions  provided  by  the  local  authentication  server to control  user 
login  passwords,  super  passwords,  and  user  login  status based  on predefined  policies. The  rest  of  this 
section describes the password control functions in detail. 
1. Minimum password length 
By setting a minimum  password  length,  you  can  enforce  users  to  use  passwords  long  enough for system...

 
165 
You  can  allow  a  user to  log  in  a  certain  number  of  times  within  a  specified  period  of  time  after  the 
password  expires,  so  that  the  user  does  not  need  to  change  the  password  immediately.  For  example,  if 
you set the maximum number of logins with an expired password to three and the time period to 15 days, 
a user can log in three times within 15 days after the password expires. 
6. Password history 
With  this  feature  enabled,  the system maintains  certain...

 
166 
9. Password complexity checking 
A  less  complicated  password  such  as  a  password  containing  the  username  or  repeated  characters  is 
more  likely  to  be  cracked.  For  higher  security,  you  can configure  a  password  complexity  checking  policy 
to  ensure  that  all  user  passwords  are  relatively  complicated.  With  such  a  policy  configured,  when  a  user 
configures a password, the system checks the complexity of the password. If the password is not qualified, 
the...

 
167 
Task Remarks 
Setting user group password control parameters Optional 
Setting local user password control parameters Optional 
Setting super password control parameters Optional 
Setting a local user password in interactive mode Optional 
 
Configuring password control 
Enabling password control 
To enable password control functions, you need to: 
1. Enable the password control feature in system view. Only after the password control feature is 
enabled globally, can password control...

 
168 
To do… Use the command… Remarks 
Set the minimum password 
update interval 
password-control password 
update interval interval 
Optional 
24 hours by default 
Set the minimum password length password-control length length Optional 
10 characters by default 
Configure the password 
composition policy 
password-control composition 
type-number policy-type [ type-
length type-length ] 
Optional 
By default, the minimum number 
of password composition types is 
1 and the minimum number of 
characters...

 
169 
To do… Use the command… Remarks 
Enter system view system-view — 
Create a user group and enter 
user group view user-group group-name — 
Configure the password aging 
time for the user group password-control aging aging-time 
Optional 
By default, the password aging 
time configured in system view is 
used. 
Configure the minimum password 
length for the user group password-control length length 
Optional 
By default, the minimum 
password length configured in 
system view is used. 
Configure the...

 
170 
Setting super password control parameters  
 NOTE: 
 CLI commands fall into four levels: visit, monitor, system, and manage, in ascending order. Accordingly, login 
users fall into four levels, each corresponding to a command level. A user of a certain level can only use the 
commands at that level or lower levels.  
 To switch from a lower user level to a higher one, a user needs to enter a password for authentication. This 
password is called a “super password”. For details on super passwords,...