• With an authentication method that requires the username and password, including local authentication, RADIUS authentication, and HWTACACS authentication, the commands that a login user can use after logging in depend on the level of the user. With other authentication methods, which commands are available depends on the level of the user interface. For an SSH user using public key authentication, the commands that can be used depend on the level configured on the user interface. For details about authentication methods and the commands accessible on a user interface, refer to Login Configuration in the System Volume.
• Binding attributes are checked upon authentication of a local user. If the checking fails, the user fails the authentication. Therefore, be cautious when deciding which binding attributes should be configured for a local user.
• Every configurable authorization attribute has its own specific application environments and purposes. Therefore, when configuring authorization attributes for a local user, consider what attributes are needed.

Configuring User Group Attributes

The concept of user group is introduced to simplify local user configuration and manageability. A user group consists of a group of local users and has a set of local user attributes. You can configure local user attributes for a user group to implement centralized management of user attributes for the local users in the group. Currently, you can configure authorization attributes for a user group.

By default, every newly added local user belongs to a user group named system and bears all attributes of the group.
User group system is automatically created by the device.

Follow these steps to configure the attributes for a user group:

To do…                                  Use the command…                            Remarks
Enter system view                       system-view                                 —
Create a user group and enter user      user-group group-name                       Required
group view
Configure the authorization             authorization-attribute { acl acl-number |  Optional
attributes for the user group           callback-number callback-number |           By default, no authorization
                                        idle-cut minute | level level |             attribute is configured for a
                                        user-profile profile-name | vlan vlan-id |  user group.
                                        work-directory directory-name } *

Configuring a NAS ID-VLAN Binding

In some application scenarios, it is required to identify the access locations of users. In this case, you need to configure NAS ID-VLAN bindings on the access device, so that when a user gets online, the access device can obtain the NAS ID by the access VLAN of the user and then send the NAS ID to the RADIUS server through the NAS-identifier attribute.

Follow these steps to configure a NAS ID-VLAN binding:

To do…                                  Use the command…                            Remarks
Enter system view                       system-view                                 —
Create a NAS ID profile and enter       aaa nas-id profile profile-name             Required
NAS ID profile view
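Because every new local user joins the system group and bears its attributes, it is worth reviewing what each user group grants. The following is an added example, not part of the original manual or any vendor tool: it parses user-group and authorization-attribute commands in the syntax shown under Configuring User Group Attributes and flags risky groups. The sample configuration is constructed, and the review policy (a maximum level of 1, idle-cut required) and the one-command-per-line input layout are assumptions.

```python
# Keywords taken from the authorization-attribute syntax in the table above.
KEYWORDS = {"acl", "callback-number", "idle-cut", "level",
            "user-profile", "vlan", "work-directory"}

# Constructed sample input, not captured from a real device.
SAMPLE_CONFIG = """\
system-view
user-group system
 authorization-attribute level 3
user-group helpdesk
 authorization-attribute level 1 idle-cut 10
user-group guests
 authorization-attribute vlan 20
"""

def parse_user_groups(config_text):
    """Return {group name: {keyword: value}} from one command per line."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "user-group" and len(tokens) == 2:
            current = groups.setdefault(tokens[1], {})
        elif tokens[0] == "authorization-attribute" and current is not None:
            args = tokens[1:]
            # The trailing "*" in the syntax allows several pairs on one line.
            if not args or len(args) % 2:
                raise ValueError(f"malformed attribute line: {raw!r}")
            for keyword, value in zip(args[0::2], args[1::2]):
                if keyword not in KEYWORDS:
                    raise ValueError(f"unknown keyword {keyword!r}")
                current[keyword] = value
        else:
            current = None  # assumption: any other command leaves user group view
    return groups

def audit(groups, max_level=1):
    """Flag groups above max_level or without idle-cut (assumed policy)."""
    findings = []
    for name, attrs in sorted(groups.items()):
        if "level" in attrs and int(attrs["level"]) > max_level:
            findings.append((name, f"level {attrs['level']} exceeds {max_level}"))
        if "idle-cut" not in attrs:
            findings.append((name, "idle-cut not set"))
    return findings
```

A finding on the system group matters most, since its attributes apply to every local user that is added without an explicit group.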