3Com 7757 Configuration Manual page 524
3com switch 7750 family
Hide thumbs
Also See for 7757:
- Quick reference manual (94 pages) ,
- Installation manual (80 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
524
C
49: AAA & RADIUS & HWTACACS C
HAPTER
c
Cutting Down User
Connections Forcibly
n
ONFIGURATION
Table 405 Configure the attributes of a local user
Operation
Authorize the user to access
the specified type(s) of
service(s)
Set the priority level of the user level level
Set the attributes of the user
whose service type is
lan-access
CAUTION:
The character string of user-name cannot contain "/", ":", "*", "?", "<" and
■
">". Moreover, "@" can be used no more than once.
After the local-user password-display-mode cipher-force command is
■
executed, all passwords will be displayed in cipher mode even through you
specify to display user passwords in plain text by using the password
command.
If the configured authentication method (local or RADIUS) requires a user name
■
and a password, the command level that a user can access after login is
determined by the priority level of the user. For SSH users, when they use RSA
shared keys for authentication, the commands they can access are determined
by the levels set on their user interfaces.
If the configured authentication method is none or requires a password, the
■
command level that a user can access after login is determined by the level of
the user interface.
Table 406 Cut down user connection forcibly
Operation
Enter system view
Cut down user connections
forcibly
Telnet and FTP users can use the display connection command to view the
connection, but they cannot use the cut connection command to cut down the
connection.
Command
service-type { ftp |
lan-access | { telnet | ssh |
terminal }* [ level level ] }
attribute { ip ip-address |
mac mac-address |
idle-cut second |
access-limit
max-user-number | vlan
vlan-id | location { nas-ip
ip-address port
port-number | port
port-number } }*
Command
system-view
cut connection { all |
access-type { dot1x |
mac-authentication } | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | radius-scheme
radius-scheme-name | vlan vlan-id |
ucibindex ucib-index | user-name
user-name }
Description
Required
By default, the system does not
authorize the user to access any
service.
Optional
By default, the priority level of
the user is 0.
Optional
If the user is bound to a remote
port, you must specify the
nas-ip parameter (the following
ip-address is 127.0.0.1 by
default, representing this
device). If the user is bound to a
local port, you do not need to
specify the nas-ip parameter.
Description
-
Required
Advertisement
Table of Contents
Troubleshooting
