Forcibly tearing down user connections, Configuring a nas id-vlan binding – H3C Technologies H3C SecPath F1000-E User Manual
Page 225
215
Step Command
Remarks
5.
Specify the command
accounting method.
accounting command
hwtacacs-scheme
hwtacacs-scheme-name
Optional.
The default accounting method
is used by default.
6.
Specify the accounting
method for DVPN users.
accounting dvpn { local | none |
radius-scheme radius-scheme-name
[ local ] }
Optional.
The default accounting method
is used by default.
7.
Specify the accounting
method for login users.
accounting login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
Optional.
The default accounting method
is used by default.
8.
Specify the accounting
method for portal users.
accounting portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
Optional.
The default accounting method
is used by default.
9.
Specify the accounting
method for PPP users.
accounting ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
Optional.
The default accounting method
is used by default.
10.
Specify the accounting
method for SSL VPN users.
accounting ssl-vpn radius-scheme
radius-scheme-name
Optional.
The default accounting method
is used by default.
Forcibly tearing down user connections
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Forcibly tear down
AAA user connections.
cut connection { access-type portal | all | domain
isp-name | interface interface-type interface-number
| ip ip-address | mac mac-address | ucibindex
ucib-index | user-name user-name | vlan vlan-id }
This command applies
only to portal and PPP
user connections.
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where it
is required to identify the access locations of users, configure NAS ID-VLAN bindings on the access
device. Then, when a user gets online, the access device obtains the NAS ID by the access VLAN of the
user and sends the NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS