beautypg.com

7 cutting down user connections forcibly, 4 radius configuration, 7 cutting down user connections forcibly -21 – H3C Technologies H3C S3100 Series Switches User Manual

Page 320: 4 radius configuration -21, 4 “radius, Configuration, Cutting down user, Connections forcibly

background image

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-21

Caution:

z

The following characters are not allowed in the user-name string: /:*?<>. And you
cannot input more than one “@” in the string.

z

After the local-user password-display-mode cipher-force command is executed,
any password will be displayed in cipher mode even though you specify to display a
user password in plain text by using the password command.

z

If a user name and password is required for user authentication (RADIUS
authentication as well as local authentication), the command level that a user can
access after login is determined by the privilege level of the user. For SSH users
using RSA shared key for authentication, the commands they can access are
determined by the levels set on their user interfaces.

z

If the configured authentication method is none or password authentication, the
command level that a user can access after login is determined by the level of the
user interface.

1.3.7 Cutting Down User Connections Forcibly

Table 1-11

Cut down user connections forcibly

Operation

Command

Description

Enter system view system-view

Cut down user

connections

forcibly

cut connection

{ all | access-type { dot1x |

mac-authentication

} | domain isp-name |

interface interface-type interface-number

| ip

ip-address

| mac

mac-address

|

radius-scheme

radius-scheme-name | vlan

vlan-id

| ucibindex ucib-index | user-name

user-name

}

Required

Note:

You can use the display connection command to view the connections of Telnet and
FTP users, but you cannot use the cut connection command to cut down their
connections.

1.4 RADIUS Configuration

The RADIUS protocol configuration is performed on a RADIUS scheme basis. In an
actual network environment, you can either use a single RADIUS server or two

See also other documents in the category H3C Technologies Routers: