The user-manage temp-user user-ip command configures the mapping between the temporary user and IP address and enables the user to log in.
The undo user-manage temp-user user-ip command deletes the mapping between the temporary user and IP address and logs out the user.
user-manage temp-user user-name user-ip { ipv4 ipv4-address | ipv6 ipv6-address }
undo user-manage temp-user user-name user-ip { ipv4 ipv4-address | ipv6 ipv6-address }
| Parameter | Description | Value |
|---|---|---|
| user-name | Specifies a user name, namely, a tenant name. | The value is a string of case-insensitive characters. The value cannot contain any slash (/), comma (,), double quotation marks ("), question mark (?), or at sign (@), but can contain spaces. If the login name does not contain any space, the value is a string of 1 to 63 characters. If the login name contains spaces, the login name is a string of 3 to 65 characters, must be enclosed by double quotation marks ("), and cannot start or end with spaces, such as "user for test". The login name cannot be any. |
| ipv4-address | Specifies the IPv4 address resource purchased by a tenant. | The value is in dotted decimal notation. |
| ipv6-address | Specifies the IPv6 address resource purchased by a tenant. | The value is in hexadecimal notation. |
In the Huawei enterprise cloud solution, after a tenant purchases the IP resource, the network intrusion detection service back end delivers the mapping between the tenant name and IP resource to the device. This command is delivered by the network intrusion detection service back end and can be automatically executed by the device.
When the mapping between the tenant name and IP resource is delivered, the device automatically executes this command to configure the mapping between the tenant name and IP resource and enables the user to log in at the default authentication domain as a temporary user. After the user logs in, the device can obtain the mapping between the tenant name and IP resource in the user monitoring table.
The device can automatically execute this command only after you run the user-manage temp-user online enable command.
The tenant uses the purchased IP resource to provide services. The device detects traffic accessing and initiated by this IP resource. If an attack or abnormal behavior is detected, the device searches for the tenant name corresponding to this IP resource and sends a log containing the tenant name to the log server.
In addition, an authentication policy shall be configured for traffic accessing or initiated by this IP resource, and the action of this authentication policy shall be authentication exemption. Otherwise, the sent log does not contain the tenant name.
After the IP resource purchased by the tenant expires, the network intrusion detection service back end delivers a command to remove the mapping between the IP resource and tenant name. The device automatically executes the undo user-manage temp-user user-ip command to remove this mapping.
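
The parameter rules in the table above, as an added example that is not Huawei's code: a Python check that a provisioning back end could run on a tenant name and IP address before rendering the command or its undo form. The function names, the rejection of control characters and scoped IPv6 addresses, and counting the enclosing quotation marks in the 3 to 65 character limit are assumptions.

```python
import ipaddress

FORBIDDEN = set('/,"?@')  # characters the parameter table disallows in user-name


def format_user_name(name: str) -> str:
    """Return user-name as it must appear in the command, or raise ValueError."""
    if not name or any(ch in FORBIDDEN for ch in name):
        raise ValueError('user-name is empty or contains one of / , " ? @')
    # Assumption (not stated on the page): refuse control characters so a
    # tenant name containing a newline cannot start a second command line.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        raise ValueError("user-name contains a control character")
    if name.lower() == "any":  # the value is case-insensitive
        raise ValueError("user-name cannot be any")
    if " " not in name:
        if len(name) > 63:
            raise ValueError("user-name without spaces is limited to 63 characters")
        return name
    if name != name.strip(" "):
        raise ValueError("user-name cannot start or end with spaces")
    quoted = f'"{name}"'
    # Assumption: the 3 to 65 character limit counts the enclosing quotes.
    if not 3 <= len(quoted) <= 65:
        raise ValueError("quoted user-name must be 3 to 65 characters")
    return quoted


def build_command(name: str, address: str, undo: bool = False) -> str:
    """Render the mapping command (or its undo form) for one tenant and IP."""
    # Python's IPv6 parser accepts a free-form "%scope" suffix; refuse it so
    # only a bare address literal reaches the command line.
    if "%" in address:
        raise ValueError("scoped IPv6 addresses are not accepted")
    ip = ipaddress.ip_address(address)  # ValueError on anything but an IP literal
    family = "ipv4" if ip.version == 4 else "ipv6"
    cmd = f"user-manage temp-user {format_user_name(name)} user-ip {family} {ip}"
    return f"undo {cmd}" if undo else cmd


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(build_command("tenant01", "10.1.1.1"))
    print(build_command("user for test", "2001:db8::1", undo=True))
```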