Tearing Down User Connections; Configuring A Nas Id-Vlan Binding - H3C S5500-EI Series Security Configuration Manual

Step
6. Specify the accounting
method for LAN users.
7. Specify the accounting
method for login users.
8. Specify the accounting
method for portal users.

Tearing down user connections

Step
1. Enter system view.
2. Tear down AAA user
connections.

Configuring a NAS ID-VLAN binding

The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the switch. Then,
when a user gets online, the switch obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Step
1. Enter system view.
2. Create a NAS ID profile and
enter NAS ID profile view.
3. Configure a NAS ID-VLAN
binding.
Command
accounting lan-access { local | none |
radius-scheme radius-scheme-name
[ local | none ] }
accounting login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
accounting portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
Command
system-view
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name
user-name | vlan vlan-id } [ slot slot-number ]
Command
system-view
aaa nas-id profile profile-name
nas-id nas-identifier bind vlan
vlan-id
47
Remarks
Optional.
The default accounting method
is used by default.
Optional.
The default accounting method
is used by default.
Optional.
The default accounting method
is used by default.
Remarks
N/A
The command applies
only to LAN and
portal user
connections.
Remarks
N/A
You can apply a NAS ID profile to
an interface enabled with portal.
See "Configuring portal
authentication."
By default, no NAS ID-VLAN
binding exists.