420
C
21: 802.1
HAPTER
Disconnecting a User by
Force
Configuring the RADIUS
Protocol
C
X
ONFIGURATION
However, the user-privilege level is a global value for all service types. Entering the
following two commands will result in the user having a level of 3 for all service
types. In this case both telnet and SSH:
[5500-SI-luser-adminpwd]service-type telnet level 1
[5500-SI-luser-adminpwd]service-type ssh level 3
You can use either
user. If both of these two commands are used, the latest configuration will take
effect.
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command to serve this purpose.
Perform the following configurations in System View.
Table 449 Disconnecting a User by Force
Operation
Disconnect a user by
force
By default, no online user will be disconnected by force.
For the Switch 5500, the RADIUS protocol is configured on the per RADIUS scheme
basis. In a real networking environment, a RADIUS scheme can be an independent
RADIUS server or a set of primary/secondary RADIUS servers with the same
configuration but two different IP addresses. Accordingly, attributes of every RADIUS
scheme include IP addresses of primary and secondary servers, shared key and
RADIUS server type.
RADIUS protocol configuration only defines some necessary parameters used for
information interaction between NAS and RADIUS Server. To make these parameters
effective, it is necessary to configure, in the view, an ISP domain to use the RADIUS
scheme and specify it to use RADIUS AAA schemes. For more information about the
configuration commands, refer to "Configuring AAA".
RADIUS protocol configuration includes:
Creating/Deleting a RADIUS Scheme
■
Configuring RADIUS Authentication/ Authorization Servers
■
Configuring RADIUS Accounting Servers and the Related Attributes
■
Setting the RADIUS Packet Encryption Key
■
Setting Retransmission Times of RADIUS Request Packet
■
Setting the Supported Type of the RADIUS Server
■
Setting the RADIUS Server State
■
Setting the Username Format Transmitted to the RADIUS Server
■
Configuring the Local RADIUS Authentication Server
■
Configuring Source Address for RADIUS Packets Sent by NAS
■
Setting the Timers of the RADIUS Server
■
or
level
service-type
Command
cut connection { all | access-type { dot1x | gcm |
mac-authentication } | domain domain_name | interface
interface_type interface_number | ip ip_address | mac
mac_address | radius-scheme radius_scheme_name | vlan
vlanid | ucibindex ucib_index | user-name user_name }
command to specify the level for a local