Cutting down user connections forcibly, Radius configuration task list – H3C Technologies H3C S3600 Series Switches User Manual
Page 526
2-10
z
The following characters are not allowed in the user-name string: /:*?<>. And you cannot input
more than one “@” in the string.
z
After the local-user password-display-mode cipher-force command is executed, any password
will be displayed in cipher mode even though you specify to display a user password in plain text by
using the password command.
z
If a username and password is required for user authentication (RADIUS authentication as well as
local authentication), the command level that a user can access after login is determined by the
privilege level of the user. For SSH users using RSA shared key for authentication, the commands
they can access are determined by the levels set on their user interfaces.
z
If the configured authentication method is none or password authentication, the command level
that a user can access after login is determined by the level of the user interface.
z
If the clients connected to a port have different authorized VLANs, only the first client passing the
MAC address authentication can be assigned with an authorized VLAN. The switch will not assign
authorized VLANs for subsequent users passing MAC address authentication. In this case, you are
recommended to connect only one MAC address authentication user or multiple users with the
same authorized VLAN to a port.
z
For local RADIUS authentication to take effect, the VLAN assignment mode must be set to string
after you specify authorized VLANs for local users.
Cutting Down User Connections Forcibly
Follow these steps to cut down user connections forcibly:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Cut down user
connections forcibly
cut connection { all | access-type { dot1x |
mac-authentication } | domain isp-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index | user-name
user-name }
Required
You can use the display connection command to view the connections of Telnet users, but you cannot
use the cut connection command to cut down their connections.
RADIUS Configuration Task List
H3C’s Ethernet switches can function not only as RADIUS clients but also as local RADIUS servers.
Complete the following tasks to configure RADIUS (the switch functions as a RADIUS client):