Mode Switching
Step 2 Run the display loghost list command to display the log host
----End
Example
To deactivate the log host with IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1 huawei#display loghost list ip 10.10.10.1 Log server configuration:
IP address : 10.10.10.1 Host name : huawei Terminal state : Deactivate
Related Operation
Table 5-4 lists the related operations for deactivating a log host.
Table 5-4 Related operations for deactivating a log host
To… Run the Command…
Activate a log host loghost activate
Add a log host loghost add
Delete a log host loghost delete
5.6 Querying Logs
This operation enables you to query logs.
Context
l The MA5600 can keep logs of the latest 512 operations. System administrators can query the latest executed operation commands through logs. The executed query commands cannot be recorded in the logs.
l Up to 512 logs can be stored in the system. When there are more than 512 records, the old records will be overwritten.
l Query and record the system logs at once in the case of system failure, to avoid loss of logs that are helpful for fault locating.
l To record the operation correctly, make sure that the system time is correct before service configuration.
Procedure
Run the display log command to query logs.
----End
Example
To query the logs of operations performed by user "root" on July 9, 2007, do as follows:
huawei(config)#display log name root 2007-07-09
6 Managing Users
About This Chapter
This chapter describes the classification of users supported by the MA5600 and how to add, modify, delete, or disconnect a user.
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the MA5600.
6.2 Adding a User Profile
This operation enables you to add a user profile. To add a new user, you need bind this user profile to manage operators.
6.3 Adding a User
This operation enables you to add a user who can log in to the MA5600 to maintain it.
6.4 Modifying the User Attributes
You can modify the user attributes, such as user profile, authority, password, the permitted reenter number and the appended information.
6.5 Disconnecting an Online User
This operation enables you to disconnect an online user to prevent the user from logging in to the MA5600.
6.6 Deleting a User
This operation enables you to delete a user which is not permitted to log in to the MA5600.
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the MA5600.
Service Description
Users herein refer to persons who configure and maintain the MA5600 through CLI.
Service Specification
In terms of authority, MA5600 users can be divided into four levels:
l Common user
l Operator
l Administrator
l Super user
Users at all levels can only add a user with lower levels than theirs.
Table 6-1 lists the authorities for users at all levels.
Table 6-1 User authorities User Level Authority
Common user Common users perform basic system operation and simple query operation.
Operator Operator can configure the MA5600 and services.
Administrator and super user
Common:
l Perform all operations.
l Maintain the MA5600 user accounts and user authority.
Difference:
l Only one super user exists in the system, while multi administrators in the system.
l The super user is of the highest level in the system.
l Super user can create the administrator level account, while administrator has no authority to add a super user.
6.2 Adding a User Profile
This operation enables you to add a user profile. To add a new user, you need bind this user profile to manage operators.
Context
l There exists one root profile in the system. This profile disables restrictions on users so that root users can log in to the system smoothly after a system upgrade. It is not recommended to bind the root profile when you add a new user.
l The system provides three default profiles whose levels are administrator, operator and common user respectively. They are convenient for unified management and the operation of adding users.
l Up to 12 profiles can be added.
l To add a user profile, you need to configure the following parameters:
– Use profile name
– Min. length of user name
– Min. length of password
– Validity period of the user name
– Validity period of the password
– Permitted start time of logon by a user
– Permitted end time of logon by a user For details, refer to Table 6-2.
Table 6-2 Parameter descriptions of a user profile Parameters Description
Min. length of user name
The min. length of user name can be 6 to 15 alphanumeric characters and it must be equal to or longer than 6 alphanumeric characters.
Min. length of password
The min. length of password can be 6 to 15 alphanumeric characters and it must be equal to or longer than 6 alphanumeric characters.
Validity period of the user name
It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts forever. By default, it is 30 days. The system checks the validity of user names by day and when a user logs on to the system. Before three days of the expiration, the system generates an alarm informing the user of expiration day. The system generates an alarm informing the user of expiration once the system identifies the expiration of a user name.
Validity period of the password
It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts forever. By default, it is 30 days. The validity period of the password should not be equal to or shorter than that of the user name. The system checks the validity of passwords by day and when a user logs on to the system. Before three days of the expiration, the system generates an alarm informing the user of expiration day and asking the user to modify the password in time.
Permitted start time of logon by a user
Together with the parameter of permitted end time of logon by a user, it specifies the permitted period for a user to log on to the system.
A user can log on to the system only in the permitted period.
Parameters Description Permitted end time
of logon by a user
Together with the parameter of permitted start time of logon by a user, it specifies the permitted period for a user to log on to the system.
A user can log on to the system only in the permitted period. If a user logs on to the system at the permitted start time but does not log out at the permitted end time, the system will force the user to log out and stop the user to configure the system.